Skip to main content

Overview

The LoginEntry model is used to authenticate and gain access to manage a specific short URL. When a short URL is password-protected, you must provide valid credentials to perform management operations.

When to Use

This model is used in:
  • POST /login - Authenticate and receive an access token for managing a short URL

Schema Definition

url_code
string
required
The short code of the URL you want to manage.This should match the url_code used when creating the short URL.
This is the same code that appears in your shortened URL path
url_pass
string
required
The password that was set when creating the short URL.
This field is required even if the URL was created without a password (use empty string)
Authentication:
  • Must match the password set during URL creation
  • Used to generate a JWT access token for subsequent management operations
  • Tokens expire after a set duration (check API response for expiration)

Example JSON

{
  "url_code": "my-link",
  "url_pass": "secret123"
}

Authentication Flow

The login endpoint returns a JWT access token that must be included in the Authorization header for protected management endpoints.
  1. Login Request - Send POST to /login with LoginEntry credentials
  2. Receive Token - API responds with access token and expiration time
  3. Use Token - Include token in Authorization: Bearer <token> header
  4. Token Expiry - Use /refresh_token endpoint to get a new token before expiration
  5. Manage URL - Perform operations like delete, pause, change password, etc.

Response

Successful authentication returns: 
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "bearer",
  "expires_in": 3600
}
Store the access token securely and reuse it for multiple management operations until it expires

Error Cases

Common Authentication Errors:
  • 404 Not Found - The url_code doesn’t exist
  • 401 Unauthorized - Incorrect url_pass provided
  • 400 Bad Request - Missing required fields

Security Considerations

  • Never log or expose the url_pass in client-side code
  • Use HTTPS for all login requests to prevent password interception
  • Store access tokens securely (e.g., HTTP-only cookies, secure storage)
  • Implement token refresh logic before expiration
  • Clear tokens on logout

Build docs developers (and LLMs) love

Get started for freeTalk to us