MASK

# Developer Documentation

API Reference

Complete REST API documentation. Every feature in the dashboard is available via our API with scoped authentication, webhooks, and predictable resource-oriented URLs.

Authentication GuideSDKs & Libraries

# Base URL

https://api.mask.bz/v1

All API requests are made to this base URL over HTTPS. HTTP requests are rejected. All request and response bodies are JSON-encoded.

# Authentication

Authorization: Bearer mk_live_your_api_key

Authenticate by including your API key in the Authorization header. Keys are scoped to workspaces and can be created from Settings → API Keys.

# Quick reference

Common endpoints.

POST/v1/links
GET/v1/links
GET/v1/links/:id
PATCH/v1/links/:id
DELETE/v1/links/:id
GET/v1/analytics/clicks
POST/v1/bio-pages
POST/v1/webhooks

# Example

Create a short link.

Request

curl -X POST https://api.mask.bz/v1/links \
  -H "Authorization: Bearer mk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://example.com/long-page",
    "slug": "my-link",
    "domain": "go.yourbrand.com",
    "tags": ["campaign-q1"],
    "utm_source": "twitter",
    "utm_medium": "social",
    "expires_at": "2026-12-31T23:59:59Z"
  }'

Response

{
  "id": "lnk_abc123",
  "url": "https://example.com/long-page",
  "short_url": "https://go.yourbrand.com/my-link",
  "slug": "my-link",
  "domain": "go.yourbrand.com",
  "tags": ["campaign-q1"],
  "clicks": 0,
  "utm_source": "twitter",
  "utm_medium": "social",
  "expires_at": "2026-12-31T23:59:59Z",
  "created_at": "2026-03-13T10:00:00Z"
}

# Resources

API resources.

Authentication

API key authentication with scoped permissions. Create and manage keys from your workspace settings.

API KeysScopesToken Rotation

Links

Create, read, update, and delete short links. Supports custom slugs, UTM parameters, expiration, and tags.

POST /linksGET /linksGET /links/:idPATCH /links/:idDELETE /links/:id

Bio Pages

Programmatically create and manage bio pages, blocks, and themes via the API.

POST /bio-pagesGET /bio-pagesPATCH /bio-pages/:idPOST /bio-pages/:id/blocks

QR Codes

Generate QR codes for any link with custom colors, logos, and output formats (SVG, PNG).

POST /qr-codesGET /qr-codes/:idGET /qr-codes/:id/image

Analytics

Query click data with filters for date range, geography, device, referrer, and more.

GET /analytics/clicksGET /analytics/timeseriesGET /analytics/top-links

Webhooks

Subscribe to events like link.created, link.clicked, and page.viewed. Verify signatures for security.

POST /webhooksGET /webhooksDELETE /webhooks/:id

# Rate limits

Fair usage limits.

60

requests / minute

Hobby plan

600

requests / minute

Pro plan

6,000

requests / minute

Enterprise plan

Rate limit headers are included in every response: X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset. When you exceed the limit, the API returns 429 Too Many Requests with a Retry-After header.

# Error handling

HTTP status codes.

200Request succeeded
201Resource created
400Bad request — invalid parameters
401Unauthorized — missing or invalid API key
403Forbidden — insufficient scope
404Resource not found
409Conflict — slug already taken
422Validation error — check response body
429Rate limit exceeded
500Internal server error

Start building today.

Create a free account and generate your first API key in minutes.

Get Your API KeyBrowse SDKs

Ready to get started?

Start building with a free account.
Speak to an expert for your Pro or Enterprise needs.

Request Early AccessTalk to an Expert

Explore MASK Enterprise

with an interactive product tour,
trial, or a personalized demo.

Explore Enterprise →