External scripts should not call a desktop directly or push unauthenticated webhooks into production workflows. API Links accept signed requests, queue work in the cloud, and let the desktop pull jobs outbound.
API Links are signed endpoints for creating link fetch work from external systems. They validate HMAC signatures, reject nonce replays, apply idempotency rules, check quota, create task records, and let a desktop device execute the actual redirect resolution through outbound polling.
The API page now explains the controls in the same order an external system hits them: signed request, replay gate, idempotent retry, quota decision, outbound desktop pickup, and verified result state.
Switch the console to see the exact control, why it exists, and how strongly it protects authentication, replay, and desktop handoff.
The relay verifies the caller and exact request body before any link fetch job can enter the queue.
External clients sign each request so the relay can verify that the caller is allowed to create work.
Nonce checks reject repeated signed requests before they can create duplicate tasks.
Known retries can return known results rather than creating extra task side effects.
Membership and plan limits are checked before expensive work enters the desktop queue.
The web relay stores work, and the desktop pulls jobs outbound so no inbound public tunnel is required.
Results can be consumed by Google Ads, internal tools, or platform workflows without reverse engineering browser output.
A signed request is not treated as success. It becomes a trackable job with clear validation, queueing, execution, and result phases.
Client signs request
External systems include signature, timestamp, nonce, and idempotency context.
Relay validates
The web service checks signature, replay state, quota, and request shape.
Task is created
The platform creates a durable work record for desktop pickup.
Desktop pulls outbound
The local client fetches work from the relay without exposing the machine.
Result is synchronized
The final link, conclusion, and diagnostic state return to the selected data channel.
A signed link fetch endpoint needs to control who called it, whether the request is fresh, whether retry behavior is predictable, whether the plan allows the job, and whether desktop execution can happen without exposing the machine.
HMAC validation binds the caller to the exact request body and makes accidental open webhooks easier to detect.
Timestamps and nonces let the relay reject repeated signed requests before they create duplicate queue records.
Idempotency keys let external systems retry safely when the client times out or a scheduler repeats the same job.
Membership and quota gates stop production integrations from silently exceeding the account boundary.
The web relay stores accepted work while the desktop pulls outbound from the trusted local runtime.
Final URL, conclusion, checked time, error, and skip reason return to the selected source for review or automation.
Generic webhooks are usually easy to trigger but hard to operate. API Links add the controls needed for automated link fetching tied to ads operations.
The page repeats the core answers in short, extractable blocks so search engines and AI answer systems can understand what API Links are, when they matter, and how they differ from a raw webhook.
API Links are signed endpoints that create queued link fetch jobs after HMAC, nonce, idempotency, quota, and payload checks pass.
An external system signs the request, the relay validates gates, a task is queued, and a desktop device pulls the work outbound for local redirect resolution.
Use short-lived timestamps, unique nonces, and idempotency keys so repeated requests are rejected or mapped to the known retry outcome.
No. API Links queue work in the cloud relay, and the desktop retrieves accepted jobs through outbound polling.
Yes, when the script can create the expected signed request and consume verified result state instead of mutating campaigns from raw links.
Use API Links when internal tools, schedulers, client portals, or Google Ads utilities need to trigger link fetch work programmatically.
API Links create more than a task. They connect caller identity, payload shape, quota decision, queue state, desktop device, redirect result, and downstream consumer in one chain.
The caller sends tracking URL, source reference, expected destination context, timestamp, nonce, idempotency key, and HMAC signature.
The relay accepts only valid signed work, records the queue boundary, applies membership and quota checks, and exposes a stable job record.
The desktop pulls work outbound, follows the tracking link in the local runtime, and returns structured result state for the configured source.
Yes, when configured with the correct signing flow and quota. Scripts can trigger or consume workflows through stable web contracts.
No. API Links queue work in the cloud. The desktop retrieves work outbound from the relay.
Idempotency lets a retry return a known result instead of creating duplicate queue entries or conflicting row updates.
API Links are a production integration surface and are intended for Pro workflows.