Integrate Difilm Shortlink into your app or workflow via REST API — authentication, endpoints, bulk import, and security best practices.

Authentication

Send your API key in the X-Api-Key header. Find your key in dashboard → Settings. Never expose keys in client-side JavaScript.

Core Endpoints

  • POST /api/v1/links — create shortlink
  • GET /api/v1/links — list your links
  • GET /api/v1/stats — aggregate analytics

Full reference: /docs/api

Example Request

curl -X POST https://difilm.site/api/v1/links \
  -H "X-Api-Key: YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url":"https://example.com/page","mode":"both"}'

Error Handling

HTTP 401 = invalid key. 422 = validation error (bad URL, banned domain). 429 = rate limit. Implement retries with backoff for 5xx errors.

Security Best Practices

  • Store API keys in environment variables
  • Rotate keys if leaked
  • Use server-side calls only
  • Validate destination URLs before creating links