REST API · v1
REST API — written to be read, not just used.
Stable base URL, standard auth, JSON everywhere, clear limits. No surprises.
https://api.cd4cd.com
Authentication
Every request needs an Authorization header with an API key starting with cd_live_ for production or cd_test_ for sandbox.
$ curl https://api.cd4cd.com/v1/links \
-H "Authorization: Bearer cd_live_xxxx"Endpoints
| Method | Path | Description |
|---|---|---|
| POST | /v1/auth/login | Sign in, returns JWT. |
| POST | /v1/auth/refresh | Refresh the access token. |
| POST | /v1/links | Create a new short link. |
| GET | /v1/links | List all links. |
| GET | /v1/links/:id | Single link details. |
| PATCH | /v1/links/:id | Update destination or alias. |
| DELETE | /v1/links/:id | Delete a link. |
| GET | /v1/links/:id/clicks | Click history + breakdown. |
| POST | /v1/qr | Create a QR code (15+ types). |
| GET | /v1/bio/:username | Public Bio page data. |
| POST | /v1/users/me/export | Export all your data (JSON). |
Example: create a link
POST /v1/links
Authorization: Bearer cd_live_xxx
Content-Type: application/json
{
"longUrl": "https://example.com/long/path",
"alias": "promo-2026",
"tags": ["campaign-q2"],
"expiresAt": "2026-12-31T23:59:59Z"
}
→ 201 Created
{
"id": "lnk_8f3c_a91",
"shortCode": "promo-2026",
"shortUrl": "https://cd4cd.com/promo-2026",
"longUrl": "https://example.com/long/path",
"createdAt": "2026-05-13T05:42:00Z"
}Rate limits
- Free: 60 req/min · 10K/month
- Pro: 600 req/min · 100K/month
- Business: negotiable
Every response carries headers X-RateLimit-Limit · X-RateLimit-Remaining · X-RateLimit-Reset.
Error codes
| Status | Message | Reason |
|---|---|---|
| 400 | Bad Request | Invalid JSON or missing field. |
| 401 | Unauthorized | Missing or expired token. |
| 403 | Forbidden | Insufficient scope. |
| 404 | Not Found | Resource not found. |
| 422 | Validation | Zod validation failed. |
| 429 | Rate Limited | You exceeded the limit. |
| 500 | Server Error | Our fault — contact support. |
Need help? [email protected].