Quick Start Guide
Get up and running with TinyRebrand's OAuth 2.0 API in minutes
This guide will walk you through making your first API call to TinyRebrand's API. You have two authentication options:
- OAuth 2.0: Full-featured authentication with automatic token refresh
- Personal Access Tokens: Simple, long-lived tokens perfect for scripts and CI/CD
Prerequisites: You'll need a TinyRebrand account to follow this guide.Sign Up
Option 1: OAuth 2.0 Authentication
Best for applications that need automatic token refresh and user delegation.
1
Get Access Token
Authenticate with your TinyRebrand credentials
Make a POST request to the token endpoint with your credentials:
curl -X POST https://api.tinyrebrand.com/api/oauth/token \
-H "Content-Type: application/json" \
-d '{
"grant_type": "password",
"client_id": "web-client",
"username": "[email protected]",
"password": "your-password"
}'2
Handle the Response
Extract the access token from the response
Successful authentication returns an access token:
{
"status": 200,
"code": "OK",
"message": "Login successful",
"data": {
"access_token": "at_1234567890abcdef",
"refresh_token": "rt_abcdef1234567890",
"token_type": "Bearer",
"expires_in": 3600,
"scope": "user:read user:write links:read links:write ...",
"user": {
"id": "507f1f77bcf86cd799439011",
"email": "[email protected]",
"name": "Your Name"
},
"limits": {
"domains": { "used": 2, "limit": 3 },
"links": { "used": 150, "limit": 500 }
}
}
}3
Make Your First API Call
Use the access token to fetch your profile
Include the access token in the Authorization header:
curl -X GET https://api.tinyrebrand.com/api/user/me \
-H "Authorization: Bearer at_1234567890abcdef"4
Success!
You've successfully authenticated and made your first API call
The API will return your user profile:
{
"status": 200,
"code": "OK",
"message": "User fetched successfully",
"data": {
"id": "507f1f77bcf86cd799439011",
"email": "[email protected]",
"name": "Your Name",
"isVerified": true,
"isActive": true,
"createdAt": "2024-01-15T10:00:00.000Z"
}
}Code Examples
Here are complete examples in different programming languages:
// Node.js with fetch
const response = await fetch('https://api.tinyrebrand.com/api/oauth/token', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
grant_type: 'password',
client_id: 'web-client',
username: '[email protected]',
password: 'your-password'
})
});
const tokenData = await response.json();
const accessToken = tokenData.data.access_token;
// Make authenticated request
const userResponse = await fetch('https://api.tinyrebrand.com/api/user/me', {
headers: { 'Authorization': `Bearer ${accessToken}` }
});
const userData = await userResponse.json();
console.log(userData);Option 2: Personal Access Tokens
Simpler authentication method for scripts, CI/CD pipelines, and personal projects.
1
Create a Personal Access Token
Generate a token through the API
First, authenticate with OAuth to create a PAT:
# First, get an OAuth token (as shown above)
# Then create a personal access token
curl -X POST https://api.tinyrebrand.com/api/user/tokens \
-H "Authorization: Bearer at_oauth_token_here" \
-H "Content-Type: application/json" \
-d '{
"name": "My Script Token",
"description": "Token for automation scripts",
"scopes": ["links:read", "links:write", "stats:read"]
}'2
Save Your Token
Store the token securely
The response includes your token (shown only once):
{
"data": {
"id": "507f1f77bcf86cd799439011",
"name": "My Script Token",
"token": "tkn_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789",
"scopes": ["links:read", "links:write", "stats:read"]
}
}Save this token securely! It won't be shown again.
3
Use Your Personal Access Token
Make API calls with your PAT
Use the token exactly like an OAuth token:
curl -X GET https://api.tinyrebrand.com/api/user/me \
-H "Authorization: Bearer tkn_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789"Personal Access Tokens:
- Don't expire automatically (unless you set an expiration)
- Can be revoked anytime through the API
- Are perfect for automation and scripts
- Support the same scopes as OAuth tokens
Common Use Cases
First-Party Apps
Use Password Grant for your own applications
Third-Party Apps
Use Authorization Code flow for external integrations
Rate Limits
Important Limits:
- • Token requests: 5 per minute
- • API requests: 60 per minute
- • All requests must use HTTPS