GET /api/links
Retrieve all short links created by the authenticated user.
Authentication
Session-based authentication required. Endpoint returns 401 if not authenticated.
Response
Returns an array of link objects sorted by creation date (newest first).
Unique identifier for the link.
The short code used in the URL.
ISO 8601 timestamp of when the link was created.
ISO 8601 timestamp of when the link expires, or null if never expires.
Whether this link uses a custom slug (true) or auto-generated code (false).
Total number of times this link has been accessed.
The user ID who created this link.
Examples
curl -X GET https://shrtnr.app/api/links \
-H "Cookie: session=your-session-token"
Success Response
[
{
"id": 42,
"short_code": "summer-sale",
"original_url": "https://example.com/campaign/summer-sale",
"created_at": "2026-03-01T10:30:00.000Z",
"expires_at": "2026-03-31T10:30:00.000Z",
"custom_slug": true,
"clicks": 1337,
"user_id": "user_abc123"
},
{
"id": 41,
"short_code": "Xy9pQz1m",
"original_url": "https://example.com/article",
"created_at": "2026-02-28T15:45:00.000Z",
"expires_at": "2026-03-07T15:45:00.000Z",
"custom_slug": false,
"clicks": 42,
"user_id": "user_abc123"
}
]
Error Response
{
"error": "Unauthorized"
}
PATCH /api/links/[id]
Update an existing short link. Only the link owner can update their links.
Authentication
Session-based authentication required.
Path Parameters
The unique identifier of the link to update. Must be a positive integer.
Request Body
New short code for the link.
- Must match regex:
/^[a-zA-Z0-9_-]{1,20}$/
- Must be unique (not used by another link)
- Updates
custom_slug flag to true
- Clears Redis cache for old and new codes
New expiration date as ISO 8601 timestamp, or null to remove expiration.
- Pass ISO 8601 string (e.g.,
"2026-12-31T23:59:59Z") to set expiration
- Pass
null to remove expiration (link never expires)
- Omit field to leave expiration unchanged
Both fields are optional. You can update either field independently or both together.
Response
Returns true on successful update.
Error Responses
400 Bad Request
"Invalid id" - ID is not a positive integer"Invalid slug" - Short code doesn’t match validation rules"Slug already in use" - New short code is already taken by another link
401 Unauthorized
"Unauthorized" - Not authenticated
404 Not Found
"Not found" - Link doesn’t exist or doesn’t belong to the user
500 Internal Server Error
"Something went wrong" - Unexpected server error
Examples
curl -X PATCH https://shrtnr.app/api/links/42 \
-H "Content-Type: application/json" \
-H "Cookie: session=your-session-token" \
-d '{
"shortCode": "new-slug"
}'
Success Response
DELETE /api/links/[id]
Delete a short link. Only the link owner can delete their links.
Authentication
Session-based authentication required.
Path Parameters
The unique identifier of the link to delete. Must be a positive integer.
Response
Returns true on successful deletion.
Error Responses
400 Bad Request
"Invalid id" - ID is not a positive integer
401 Unauthorized
"Unauthorized" - Not authenticated
404 Not Found
"Not found" - Link doesn’t exist or doesn’t belong to the user
500 Internal Server Error
"Something went wrong" - Unexpected server error
Examples
curl -X DELETE https://shrtnr.app/api/links/42 \
-H "Cookie: session=your-session-token"
Success Response
Deletion is permanent and cannot be undone. The short code becomes available for reuse.