Authentication

All Shrinkr API endpoints require authentication. The recommended approach for external applications is to use an API key.

API access requires a plan that supports it (Pro or higher).

Generating an API Key

1. 1.Log in to your Shrinkr dashboard
2. 2.Navigate to Settings → API Keys
3. 3.Click Generate New Key
4. 4.Copy the key immediately — it will only be shown once

Your key will look like this:

sk_shrinkr_a1b2c3d4e5f6g7h8i9j0k1l2

Using Your API Key

Include the API key in the Authorization header of every request:

curl -X POST https://shrinkr.nl/api/v1/links \
  -H "Authorization: Bearer sk_shrinkr_a1b2c3d4e5f6g7h8i9j0k1l2" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://example.com"}'

Key Management

Pausing a Key

You can temporarily disable an API key from Settings → API Keys by clicking the pause button. A paused key will return 401 Unauthorized for all requests.

Revoking a Key

Permanently delete a key by clicking the trash icon. This action cannot be undone. You'll need to generate a new key if needed.

Security Best Practices

• Never expose your API key in client-side code (browser, mobile apps)
• Store keys in environment variables or a secrets manager
• Use one key per application to track usage and revoke independently
• Rotate keys periodically

Session Authentication

If you're making requests from the browser while logged into the Shrinkr dashboard, session cookies are used automatically. No API key is needed for dashboard interactions.