Clone this wiki locally
YOURLS allows API calls the old fashioned way, using
password parameters (if your setup is private, obviously). If you're worried about sending your credentials into the wild, you can also make API calls using a secret signature token.
Your secret signature token will be a string like
A secret signature token is unique, associated to one account, and can be used only for API requests. You will find it in the Tools page of your YOURLS install.
NB: Can't see this signature on the Tools page? It's probably because your install is public. Therefore, you don't use a login and password to use it. Therefore there's no signature token to be used instead of a login/password pair.
Usage of the signature token
signature in your API requests. Example:
Usage of a time limited signature token
You can create signature token valid for a short period only (one hour by default)
First, craft the time limited signature token:
<?php $timestamp = time(); $signature = md5( $timestamp . '1002a612b4' ); // Replace with your own secret signature token. Example result: // $signature = "ed8d12124fc7916b00e3ecd7dc2c1d6a" ?>
Now use parameters
timestamp in your API requests. Example:
This URL would be valid for only 43200 seconds (12 hours), the default value of constant
To modify this duration, add the following to your
define( 'YOURLS_NONCE_LIFE', number_of_seconds );
(note this also affect all the internal links of YOURLS such as the ones to activate a plugin, delete a short URL, etc...)
Reset your secret signature token
If for some reason you need to reset your signature (ie to generate a new one while making previous signature inoperative), simply modify the
YOURLS_COOKIEKEY constant in your