Skip to content

Support Center

Developer Docs

SwiftURL has a REST API for creating links, pulling analytics, and wiring the platform into your own tools. The same safety checks and governance apply whether a human or a script creates a link.

For the full, always-current reference, see the interactive API docs and OpenAPI spec:

Authentication

Requests to /api/v1/* accept either a signed-in browser session or an API key. Create keys in the dashboard under Settings → API Keys. Each key is scoped to a workspace, is granted read or read and write access, and is shown only once when created.

Send the key as a bearer token:

curl https://app.swifturl.co/api/v1/links \
  -H "Authorization: Bearer ql_live_your_key_here" \
  -H "x-workspace-id: your_workspace_id"

If you belong to more than one workspace, set the x-workspace-id header to choose one; otherwise your default membership is used. Write operations are further gated by your role.

Links are safety-checked before they are created. A link that fails a critical check is rejected.

curl -X POST https://app.swifturl.co/api/v1/links \
  -H "Authorization: Bearer ql_live_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{ "url": "https://example.com/sale", "domain": "sftl.in", "slug": "spring-sale" }'

POST /api/v1/links supports an Idempotency-Key header, so a retried request will not create a duplicate link.

What you can call

  • Links: GET/POST /api/v1/links, GET/PATCH/DELETE /api/v1/links/{id}, POST /api/v1/links/import
  • Analytics: GET /api/v1/analytics?range=7|30|90, plus geo, campaign, link, and realtime breakdowns
  • Campaigns: GET/POST /api/v1/campaigns, GET/PATCH/DELETE /api/v1/campaigns/{id}
  • Webhooks: GET/POST /api/v1/webhooks, GET/PATCH/DELETE /api/v1/webhooks/{id}, delivery history
  • UTM presets: GET/POST /api/v1/utm-presets, GET/PATCH/DELETE /api/v1/utm-presets/{id}
  • Custom domains: GET/POST /api/v1/domains, verify and configure
  • API keys: GET/POST /api/v1/api-keys, DELETE /api/v1/api-keys/{id}

Webhooks

Register endpoints to receive events such as a link’s health changing. Each delivery is signed with HMAC-SHA256 so you can verify it came from SwiftURL, and your signing secret is stored encrypted at rest. Deliveries are logged with retry tracking.

Manage endpoints under Settings → Webhooks, or via POST /api/v1/webhooks. Verify a delivery by recomputing the HMAC of the raw request body with your endpoint’s signing secret and comparing it to the signature header.

Rate limits and errors

API calls are rate limited to keep the platform reliable. On errors, the API returns a generic message with the relevant HTTP status; detailed diagnostics are logged server-side, not returned to clients.

Need something that isn’t here yet? Reach us at support@swifturl.co.