Integrate Difilm Shortlink into your app or workflow via REST API — authentication, endpoints, bulk import, and security best practices.
Authentication
Send your API key in the X-Api-Key header. Find your key in dashboard → Settings. Never expose keys in client-side JavaScript.
Core Endpoints
- POST /api/v1/links — create shortlink
- GET /api/v1/links — list your links
- GET /api/v1/stats — aggregate analytics
Full reference: /docs/api
Example Request
curl -X POST https://difilm.site/api/v1/links \
-H "X-Api-Key: YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{"url":"https://example.com/page","mode":"both"}'
Error Handling
HTTP 401 = invalid key. 422 = validation error (bad URL, banned domain). 429 = rate limit. Implement retries with backoff for 5xx errors.
Security Best Practices
- Store API keys in environment variables
- Rotate keys if leaked
- Use server-side calls only
- Validate destination URLs before creating links



