ccomprs.me API v1 ← Back to site

Compress Me API

Create short links programmatically. The API runs the same validation, safety, and slug-allocation pipeline as the dashboard, so API-created links behave identically to ones you make by hand.

Base URL: https://comprs.me Auth: Bearer key Business plan OpenAPI spec ↓

Authentication

Every request must carry an API key as a bearer token.

Authorization: Bearer cmpr_live_<your-key>

API keys are created and revoked from your dashboard under Settings, and are available on the Business plan. A key's full value is shown once at creation — store it somewhere safe; it can't be retrieved again.

Keys carry a scope of either read or read_write. Creating links requires a read_write key.

Keep keys server-side. Treat an API key like a password — never embed it in client-side code, mobile apps, or public repositories. If a key is exposed, revoke it in the dashboard and mint a new one.

Rate limits

Two ceilings apply per account, and a third protects against credential guessing:

LimitValueOn breach
Per minute60 requests429 with Retry-After: 60
Per dayPlan-defined cap429 with Retry-After: 3600
Failed auth (per IP)20 / hour429 with Retry-After: 3600

When you hit a limit, the response includes a Retry-After header telling you how many seconds to wait. Back off and retry rather than hammering the endpoint.

Error format

Every error — at any status code — returns the same JSON shape. Branch your code on the stable code field, not on the human-readable error message (which may be reworded).

{
  "ok": false,
  "error": "Invalid, revoked, or expired API key.",
  "code": "invalid_key"
}

Responses are always application/json and are never cached. See the full error-code reference below.

Create a link

POST/v1/links

Creates a short link for the authenticated account. Requires a read_write key.

Request body

JSON object. url is the only required field.

FieldTypeDescription
urlstringrequiredThe destination URL. If you omit the scheme, https:// is prepended automatically.
custom_slugstringoptionalA custom short code (3–20 letters and numbers). Must be available and pass validation; some short or premium slugs require a higher tier. Omit to get a random slug. Alias: slug.
expirystringoptionalOne of never (default), 24h, 7d, 30d. Any other value is treated as never.

Example request

curl -X POST https://comprs.me/v1/links \
  -H "Authorization: Bearer cmpr_live_<your-key>" \
  -H "Content-Type: application/json" \
  -d '{"url":"https://example.com/a/very/long/path","expiry":"30d"}'

Response 201 Created

FieldTypeDescription
okbooleanAlways true on success.
slugstringThe allocated short code.
short_urlstringThe full short link.
qr_pngstringURL of a PNG QR code for the link.
qr_svgstringURL of an SVG QR code for the link.
expires_atstring | nullYYYY-MM-DD HH:MM:SS (server time), or null when the link never expires.
{
  "ok": true,
  "slug": "aB3xZ9",
  "short_url": "https://comprs.me/aB3xZ9",
  "qr_png": "https://comprs.me/qr/aB3xZ9.png",
  "qr_svg": "https://comprs.me/qr/aB3xZ9.svg",
  "expires_at": "2026-07-05 14:30:00"
}

List links

GET/v1/links

Returns your links, newest first. Requires a read key (a read_write key also works).

Query parameters

ParamTypeDescription
limitintegeroptionalHow many to return, 1–100. Default 25.
offsetintegeroptionalHow many to skip, for paging. Default 0.

Example request

curl "https://comprs.me/v1/links?limit=25&offset=0" \
  -H "Authorization: Bearer cmpr_live_<your-key>"

Response 200 OK

A data array of link objects plus a pagination block (total is the full count across all pages).

{
  "ok": true,
  "data": [ { /* link objects — see "Get a link" below */ } ],
  "pagination": { "total": 42, "limit": 25, "offset": 0 }
}

Get a link

GET/v1/links/{slug}

Fetches one link you own. Requires a read key. Returns 404 if the slug doesn't exist or belongs to another account — existence is never revealed across accounts.

Example request

curl https://comprs.me/v1/links/aB3xZ9 \
  -H "Authorization: Bearer cmpr_live_<your-key>"

Response 200 OK — the link object

FieldTypeDescription
slugstringThe short code.
short_urlstringThe full short link.
long_urlstringThe destination URL.
qr_png / qr_svgstringQR code image URLs.
clicksintegerTotal recorded clicks.
last_clicked_atstring | nullMost recent click time, or null.
expires_atstring | nullExpiry time, or null when never.
created_atstringWhen the link was created.
is_custombooleanWhether the slug was user-chosen.
disabledbooleanWhether the link is disabled (stops redirecting).
flaggedbooleanWhether the link is flagged for review.
{
  "ok": true,
  "slug": "aB3xZ9",
  "short_url": "https://comprs.me/aB3xZ9",
  "long_url": "https://example.com/path",
  "qr_png": "https://comprs.me/qr/aB3xZ9.png",
  "qr_svg": "https://comprs.me/qr/aB3xZ9.svg",
  "clicks": 128,
  "last_clicked_at": "2026-07-01 09:12:44",
  "expires_at": null,
  "created_at": "2026-06-20 14:30:00",
  "is_custom": false,
  "disabled": false,
  "flagged": false
}

Delete a link

DELETE/v1/links/{slug}

Permanently deletes a link you own, along with its click history. Requires a read_write key. This cannot be undone.

Example request

curl -X DELETE https://comprs.me/v1/links/aB3xZ9 \
  -H "Authorization: Bearer cmpr_live_<your-key>"

Response 200 OK

{
  "ok": true,
  "deleted": true,
  "slug": "aB3xZ9"
}
Deleting a slug that's already gone — or one you don't own — returns 404 not_found.

Error codes

Each error returns a stable code alongside its HTTP status.

StatusCodeMeaning
400invalid_bodyBody wasn't a JSON object with a url field.
401missing_authNo API key was sent.
401invalid_keyKey is unknown, revoked, or expired.
403account_inactiveThe account is not active.
403api_not_in_planAPI access requires the Business plan.
403insufficient_scopeA read-only key was used for a write.
409slug_takenThe requested custom_slug is already in use.
422invalid_urlNot a valid http/https URL.
422unsafe_urlThe URL was flagged by malicious-URL filtering.
422slug_invalidThe custom slug failed validation — see the error field.
429rate_limitedA rate limit was reached; see Retry-After.
405method_not_allowedOnly POST is supported on this endpoint in v1.
404not_foundNo such API endpoint.
503allocation_failedCouldn't allocate a unique slug; transient, retry.
500server_errorUnexpected server error.