Skip to content

REST API

Short URL provides a JSON REST API for programmatic access to URL expansion and statistics. All endpoints require the Access Short URL API permission.

Endpoints

Expand a slug

GET /api/shorturl/expand/{slug}

Resolves a short URL slug to its destination.

Response (200):

{
  "destination": "https://www.example.com/target-page",
  "langcode": "en",
  "full_url": "https://example.com/promo"
}

Response (404):

{
  "error": "Short URL not found."
}

Statistics for a short URL

GET /api/shorturl/stats/{nid}

Returns visit statistics for a specific short URL node.

Response (200):

{
  "created": 1710000000,
  "total_visits": 1234,
  "visits_24h": 42,
  "visits_7d": 287,
  "visits_30d": 891,
  "avg_per_day_all": "18.2",
  "avg_per_day_7d": "41.0",
  "avg_per_day_30d": "29.7",
  "best_day": {
    "date": "2026-03-10",
    "count": 98
  },
  "direct_visits": 456,
  "referred_visits": 778,
  "referrers": {
    "https://www.google.com/": 312,
    "https://twitter.com/": 198
  },
  "countries": {
    "US": 401,
    "FR": 187,
    "DE": 95
  },
  "visits_per_day": {
    "2026-03-01": 28,
    "2026-03-02": 35
  }
}

Error responses:

  • 400 — node is not a short URL
  • 404 — node not found
  • 501 — statistics not supported (visit tracker override)

Global database statistics

GET /api/shorturl/db-stats

Returns aggregate counts across all short URLs.

Response (200):

{
  "total_links": 42,
  "total_visits": 15678
}

Authentication

The API uses Drupal's standard authentication. For session-based access (browser), ensure the user has the Access Short URL API permission. For headless or external clients, configure an authentication module such as Simple OAuth or use Basic Auth.

Rate limiting

The module does not implement rate limiting. For production APIs, consider using a reverse proxy (nginx, Varnish) or a Drupal module to enforce rate limits.