Use a short URL API and QR code API in your workflow
The 8here API gives approved workspaces a short URL API, link shortener API, and QR code API flow: exchange app credentials for a bearer token, create Open Links, list large datasets, inspect analytics, and receive QR Base64.
Token-secured access
Applications exchange client credentials for short-lived bearer tokens before calling create, list, or detail endpoints. The API is not anonymous or publicly open.
QR asset in the payload
`qrCodeBase64` contains raw PNG Base64 for the same short URL, ready for rendering, storage, print workflows, or campaign asset generation.
Sandbox before live usage
Sandbox applications return static sample data with filters, sorting, pagination, analytics, and QR fields so teams can validate integrations without spending live quota.
Get approved and create keys
The Open Links API is secured by application credentials. Create keys from your signed-in 8here workspace after API access is active for your personal account or company workspace.
1. Sign in and open Applications from the workspace menu. If API access is not active, open Requests and submit an API access permission request first.
2. Register an application with a clear name and description so your team can identify where the credentials are used.
3. Choose Sandbox for safe integration testing or Live for real Open Links data and real link creation.
4. Copy the client ID and client secret immediately. The secret is shown once, so store it in your own secret manager before leaving the page.
Sandbox application flow
Sandbox is for building and validating integrations without touching production link data or live quota.
Create a Sandbox application from Applications and exchange its credentials at `/api/api-applications/token`.
Use the same Open Links endpoints as live: list, create, and detail. The application environment decides that the response comes from static sample data.
Sandbox list/detail responses include varied sample records, analytics, filters, sorting, pagination, short URLs, and QR Base64 so frontend and backend teams can test fully.
Sandbox create responses are marked as non-persisted and do not consume live public-link quota. Sandbox traffic is capped at 15 requests/minute per application.
Live application flow
Live applications use the same authentication pattern, but every request is scoped to the approved personal or company workspace that owns the application.
Create a Live application only after API access is approved. Company-owned live apps use the shared company API setting and quota.
Exchange live credentials for a bearer token, then call `/api/api-applications/public/links` to list or create real Open Links.
Live create requests persist links, return `shortUrl` and `qrCodeBase64`, and still respect the public-link quota assigned to the account or company.
Live list/detail requests only return links owned by the authenticated application scope; another user's or company's links are not exposed.
Useful data without messy exports
The public list endpoint is designed for meaningful retrieval, not a blind export. Use filters and pagination before pulling large datasets into your own tool.
Use `q` to search public link titles, slugs, or destinations.
Use `hasVisits=true` or `hasVisits=false` to separate active links from links that have not received traffic yet.
Use `limit` and `offset` for pagination. Keep pages small for faster responses and safer retry behavior.
Use `sortBy=createdAt|updatedAt|title|clicks` and `sortOrder=asc|desc` to match reporting, sync, or dashboard needs.
Use the detail endpoint with `{linkId}` when you need one link's analytics, short URL, destination, and QR Base64 payload.
Limits, quota, and upgrade requests
API access is designed to protect platform performance while giving growing campaigns a clear path to more capacity.
Live API access requires approval. If access is disabled, use the Requests page to ask for API access permission.
Sandbox is fixed at 15 requests/minute per application. Live applications share the approved account or company threshold, starting from the configured default.
Live link creation also uses the public-link quota. Request a public-link quota increase when you need more redirect links.
Request API rate-limit increases from the Requests page. Higher limits and add-ons may require commercial review, manual payment links, or owner approval before activation.
Public Open Links API examples
Use the same endpoint family for sandbox and live. The selected application environment controls whether responses are static samples or real workspace data.
# 1. In 8here, open Applications and create a SANDBOX or LIVE app.
# Copy clientId and clientSecret immediately; the secret is shown once.
# 2. Exchange credentials for a one-hour bearer token.
curl -X POST "https://8here.in/api/api-applications/token" \
-H "Content-Type: application/json" \
-d '{"clientId":"lv_your_client_id","clientSecret":"lvs_your_client_secret"}'
# 3. List Open Links. SANDBOX apps return static sample data.
# LIVE apps return your approved personal/company workspace data.
curl "https://8here.in/api/api-applications/public/links?limit=25&offset=0&sortBy=updatedAt&sortOrder=desc&q=launch&hasVisits=true" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
# 4. Create an Open Link. SANDBOX responses are not persisted.
# LIVE creation uses live API rate limit and public-link quota.
curl -X POST "https://8here.in/api/api-applications/public/links" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{"title":"Launch page","destination":"https://8here.in/launch","slug":"launch-page"}'
# 5. Inspect one public link with analytics and QR output.
curl "https://8here.in/api/api-applications/public/links/{linkId}" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
# Responses include shortUrl and qrCodeBase64 for the same redirect URL.