REST API for developers

A link in bio API for apps and automations

Connect internal tools, campaign workflows, and creator applications to Biolinky through a versioned REST API. Use the same permission model as MCP when your integration needs direct HTTP requests and predictable JSON responses.

Quick answer

The Biolinky link in bio API lets an authorized application read and manage page content programmatically. It is designed for explicit bearer authentication, page-bound access, validated inputs, and revocable credentials.

  • Versioned REST endpoints with an OpenAPI 3.1 document
  • Bearer authentication through OAuth tokens or personal keys
  • Idempotency and revision controls for safer writes
  • Rate limits and request IDs for observable integrations

Link in bio API or MCP: which should you use?

Use the REST API when your code already knows the exact operation it needs to perform. A scheduled job, an internal campaign tool, or a custom dashboard can call a documented endpoint and handle a typed JSON response. REST is a direct fit for conventional application development and server-to-server workflows.

Use MCP when an AI client should discover the available tools and choose an appropriate call from natural-language instructions. Both surfaces work with the same underlying Biolinky page and the same principle of narrow authorization. Many systems use both: REST for deterministic production jobs and MCP for supervised agent work.

Neither option requires sharing the user’s normal login password. The integration uses a separate token that can be scoped, expired, rotated, and revoked.

What you can build with the Biolinky API

The API is useful wherever a link page is the final publishing step in a larger workflow. A content platform can update an approved destination when a campaign goes live. A creator operations tool can read recent analytics alongside publishing data. A brand system can keep display copy and social destinations aligned with a source of truth.

Integrations should stay explicit. Read the current page, use its object identifiers and revision, submit only the intended changes, and store the returned request ID when a job needs to be audited or debugged.

  • Synchronize an approved campaign URL from an internal CMS.
  • Create, edit, reorder, archive, and restore page links.
  • Keep profile copy and social destinations aligned across systems.
  • Read recent page and link analytics for reporting.
  • Build a custom interface on top of a scoped creator connection.

A reliable integration pattern

Create a dedicated credential for one environment and one purpose. Store it in the secret manager used by your deployment platform, never in client-side JavaScript. Before a mutation, fetch the current resource and retain its revision. Include an idempotency key when retrying create operations so a network timeout does not create duplicates.

Handle rate-limit and conflict responses deliberately. Back off when the API asks you to slow down, and re-read a resource when its revision has changed. Log request IDs and high-level outcomes, but redact authorization headers and content that does not need to be retained.

  1. Step 1

    Create a scoped credential

    Bind access to the intended page and smallest required scopes.

  2. Step 2

    Read the API contract

    Use the published OpenAPI document as the source for requests.

  3. Step 3

    Implement safe retries

    Use idempotency keys, revisions, backoff, and request IDs.

  4. Step 4

    Rotate and monitor

    Review usage and revoke credentials when the integration ends.

Link in bio API security checklist

Treat a Biolinky API key like any other production secret. Send it only over HTTPS in the Authorization header. Do not place it in query strings, analytics events, browser storage, source maps, screenshots, issue trackers, or example code committed to a repository.

Use OAuth when an application connects pages belonging to other users, because each user can review and approve the requested access. Personal keys are intended for the account owner’s trusted tools. In both cases, enforce your own authorization around any interface you place in front of the API.

Frequently asked questions

Does Biolinky have a REST API?
Yes. Biolinky exposes versioned REST endpoints and an OpenAPI 3.1 document for authorized profile, link, social, and analytics operations.
Where is the Biolinky API documentation?
The machine-readable OpenAPI document is available at /api/v1/openapi.json. Setup and authorization guidance is available on the API and MCP page.
Can I use the API from a browser?
Do not expose a personal API key in browser code. Call the API from a trusted server, or use an OAuth flow designed for user authorization.
What is the difference between an API key and OAuth?
A personal key is created by an account owner for a trusted tool. OAuth lets a third-party client request access and lets the user approve that access through Biolinky.

Sources and further reading