Tiny Rebrand DocsHome

Quick Start Guide

Get up and running with TinyRebrand's OAuth 2.0 API in minutes

This guide will walk you through making your first API call to TinyRebrand's API. You have two authentication options:

  • OAuth 2.0: Full-featured authentication with automatic token refresh
  • Personal Access Tokens: Simple, long-lived tokens perfect for scripts and CI/CD

Option 1: OAuth 2.0 Authentication

Best for applications that need automatic token refresh and user delegation.

1
Get Access Token
Authenticate with your TinyRebrand credentials

Make a POST request to the token endpoint with your credentials:

curl -X POST https://api.tinyrebrand.com/api/oauth/token \
  -H "Content-Type: application/json" \
  -d '{
    "grant_type": "password",
    "client_id": "web-client",
    "username": "[email protected]",
    "password": "your-password"
  }'
2
Handle the Response
Extract the access token from the response

Successful authentication returns an access token:

{
  "status": 200,
  "code": "OK",
  "message": "Login successful",
  "data": {
    "access_token": "at_1234567890abcdef",
    "refresh_token": "rt_abcdef1234567890",
    "token_type": "Bearer",
    "expires_in": 3600,
    "scope": "user:read user:write links:read links:write ...",
    "user": {
      "id": "507f1f77bcf86cd799439011",
      "email": "[email protected]",
      "name": "Your Name"
    },
    "limits": {
      "domains": { "used": 2, "limit": 3 },
      "links": { "used": 150, "limit": 500 }
    }
  }
}
3
Make Your First API Call
Use the access token to fetch your profile

Include the access token in the Authorization header:

curl -X GET https://api.tinyrebrand.com/api/user/me \
  -H "Authorization: Bearer at_1234567890abcdef"
4
Success!
You've successfully authenticated and made your first API call

The API will return your user profile:

{
  "status": 200,
  "code": "OK",
  "message": "User fetched successfully",
  "data": {
    "id": "507f1f77bcf86cd799439011",
    "email": "[email protected]",
    "name": "Your Name",
    "isVerified": true,
    "isActive": true,
    "createdAt": "2024-01-15T10:00:00.000Z"
  }
}

Code Examples

Here are complete examples in different programming languages:
// Node.js with fetch
const response = await fetch('https://api.tinyrebrand.com/api/oauth/token', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    grant_type: 'password',
    client_id: 'web-client',
    username: '[email protected]',
    password: 'your-password'
  })
});

const tokenData = await response.json();
const accessToken = tokenData.data.access_token;

// Make authenticated request
const userResponse = await fetch('https://api.tinyrebrand.com/api/user/me', {
  headers: { 'Authorization': `Bearer ${accessToken}` }
});

const userData = await userResponse.json();
console.log(userData);

Option 2: Personal Access Tokens

Simpler authentication method for scripts, CI/CD pipelines, and personal projects.

1
Create a Personal Access Token
Generate a token through the API

First, authenticate with OAuth to create a PAT:

# First, get an OAuth token (as shown above)
# Then create a personal access token
curl -X POST https://api.tinyrebrand.com/api/user/tokens \
  -H "Authorization: Bearer at_oauth_token_here" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "My Script Token",
    "description": "Token for automation scripts",
    "scopes": ["links:read", "links:write", "stats:read"]
  }'
2
Save Your Token
Store the token securely

The response includes your token (shown only once):

{
  "data": {
    "id": "507f1f77bcf86cd799439011",
    "name": "My Script Token",
    "token": "tkn_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789",
    "scopes": ["links:read", "links:write", "stats:read"]
  }
}
3
Use Your Personal Access Token
Make API calls with your PAT

Use the token exactly like an OAuth token:

curl -X GET https://api.tinyrebrand.com/api/user/me \
  -H "Authorization: Bearer tkn_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789"

Personal Access Tokens:

  • Don't expire automatically (unless you set an expiration)
  • Can be revoked anytime through the API
  • Are perfect for automation and scripts
  • Support the same scopes as OAuth tokens

Common Use Cases

First-Party Apps
Use Password Grant for your own applications
Third-Party Apps
Use Authorization Code flow for external integrations

Rate Limits