Skip to content

Authentication

Every API request requires an X-API-Key header.

  1. Sign in to qck.sh/app
  2. Navigate to API
  3. Click Create API Key
  4. Copy it (shown only once)

Keys start with qck_ and are 32 characters long.

Terminal window
curl https://qck.sh/public-api/v1/links \
-H "X-API-Key: qck_your_api_key_here"
const res = await fetch('https://qck.sh/public-api/v1/links', {
headers: { 'X-API-Key': 'qck_your_api_key_here' },
});
import requests
res = requests.get(
'https://qck.sh/public-api/v1/links',
headers={'X-API-Key': 'qck_your_api_key_here'}
)

Each key has granular scopes. Assign only what you need:

PermissionAccess
links:readList and get links
links:writeCreate and update links
links:deleteDelete links
analytics:readQuery click analytics
domains:readList custom domains
domains:writeCreate and manage custom domains
webhooks:readList webhooks and deliveries
webhooks:writeCreate, update, delete webhooks
conversions:readQuery conversion data
journey:readQuery journey sessions and events
journey:writeIngest journey events

Restrict a key to specific IPs. Requests from other IPs get 403 Forbidden.

TierKeys
Free1
Basic ($19/mo)3
Growth ($49/mo)10
Pro ($99/mo)25
Business ($249/mo)50
  • Keys are stored as SHA-256 hashes, never in plaintext
  • The full key is shown only once at creation
  • Revoked keys are immediately invalidated