business plan · rest api

a rest api built
for your stack

Bearer-token auth, SHA-256-hashed keys at rest, full CRUD on short links, bio links, profile, subscribers, and broadcasts. Build automation, internal tools, integrations — your data stays portable.

see business pricing → try free first
~ create-link.sh live api 
# create a short link via the public REST API
curl -X POST https://api.c3.lt/api/v1/shortlinks \
  -H "Authorization: Bearer c3lt_a4f8...e9c2" \
  -H "Content-Type: application/json" \
  -d '{"destinationUrl":"https://yourbrand.com/launch","slug":"spring"}'

# 201 Created
{
  "id": "01HW8X...",
  "slug": "spring",
  "destinationUrl": "https://yourbrand.com/launch",
  "clickCount": 0,
  "createdAt": "2026-04-26T18:00:00.000Z"
}
▮ reference

every endpoint.

v1 covers short links, bio links, profile, subscribers, and broadcasts. More resources land as the API matures — versioned so contracts never break.

Meta
GET
/api/v1
Capability probe — verify your key works + see your plan + every endpoint.
Short links
GET
/api/v1/shortlinks
List short links you own. Paginated.
POST
/api/v1/shortlinks
Create a short link. Plan limits + AI harm classification enforced.
GET
/api/v1/shortlinks/:id
Read one short link by ID.
DELETE
/api/v1/shortlinks/:id
Delete one. KV cache invalidated automatically.
GET
/api/v1/shortlinks/:id/clicks
Recent clicks for a link, scoped to your plan retention.
Profile
GET
/api/v1/profile
Read your bio profile (display name, theme, custom CSS, password-set bool).
PATCH
/api/v1/profile
Update profile fields. Plan-gated fields (customCss, backgroundUrl) enforced.
Bio links
GET
/api/v1/bio-links
List bio links across your profile. Paginated.
POST
/api/v1/bio-links
Create a bio link or section heading. Plan-capacity enforced.
GET
/api/v1/bio-links/:id
Read one bio link by ID.
PATCH
/api/v1/bio-links/:id
Update title, URL, schedule, pin, embed, tip, etc.
DELETE
/api/v1/bio-links/:id
Delete one bio link.
GET
/api/v1/bio-links/:id/clicks
Recent clicks for one bio link.
Subscribers
GET
/api/v1/subscribers
List email subscribers across your profiles. Paginated.
GET
/api/v1/subscribers/count
Aggregate counts (total + last-week) for header strips.
DELETE
/api/v1/subscribers/:id
Remove one subscriber.
Broadcasts
GET
/api/v1/broadcasts
Last 20 broadcast emails you've sent. Read-only — sending requires the dashboard's typed-confirmation flow.
authentication

Bearer tokens, hashed at rest.

Mint a key in Settings → API Keys. The full c3lt_* token is shown once — store it in your secret manager. We persist only the SHA-256 hash, so a database export reveals nothing usable.

Revoke any key from the dashboard instantly — a soft-delete flips isActive = false across the edge.

plan + scope

Same limits, same rules.

The API enforces the exact same plan limits, validators, and AI harm classification as the dashboard. Keys never escape your account — they only act on resources you own.

Pro/Business-only fields (routing, expiry, password, click limits) are silently stripped from Free-key requests, so a simple "create a link" call never 400s.

versioned. forever.

The public API lives at /api/v1. Breaking changes ship as /api/v2 — your existing integration keeps running on its own contract until you choose to migrate.

Bearer
auth scheme
standard, framework-friendly
SHA-256
keys at rest
hash-only storage
JSON
request + response
no XML, no proto
$29/mo
plan required
Business · unlimited keys

build on your stack.

API access ships with Business — $29/mo, cancel anytime.

see pricing → see all features