API Links are for internal tools, scripts, or platforms that need to trigger link resolution work. Authentication must prove the caller, protect against replay, dedupe retries, and let the relay queue desktop-executed jobs safely.
Link Peeler API Links are authenticated with an API key, HMAC signature, timestamp, nonce, idempotency key, and JSON payload. The relay verifies freshness, replay controls, request shape, and quota before creating a job for desktop pickup.
API Links are for internal tools, scripts, or platforms that need to trigger link resolution work. Authentication must prove the caller, protect against replay, dedupe retries, and let the relay queue desktop-executed jobs safely.
Link Peeler API Links are authenticated with an API key, HMAC signature, timestamp, nonce, idempotency key, and JSON payload. The relay verifies freshness, replay controls, request shape, and quota before creating a job for desktop pickup.
Identifies the account and key prefix attached to the external caller.
Include tracking URL, source, row ID, and idempotency key.
API key plus HMAC signature.
Each topic page is shaped around extractable answers, operational risk, workflow steps, and next-page routing so searchers do not hit a dead end after the first answer.
Link Peeler API Links are authenticated with an API key, HMAC signature, timestamp, nonce, idempotency key, and JSON payload. The relay verifies freshness, replay controls, request shape, and quota before creating a job for desktop pickup.
Identifies the account and key prefix attached to the external caller.
Include tracking URL, source, row ID, and idempotency key.
API key plus HMAC signature.
Generic webhook examples usually skip one of these controls. API Links make them part of the contract.
Identifies the account and key prefix attached to the external caller.
Limits the validity window for old or delayed requests.
Prevents the same signed request from being replayed.
Proves the payload and headers were signed with the shared secret.
Makes retries predictable for the same logical link fetch job.
Checks membership and plan limits before work enters the queue.
The authentication flow protects the relay before the desktop ever receives the job.
Create payload
Include tracking URL, source, row ID, and idempotency key.
Generate controls
Create timestamp and nonce for the current request.
Sign body
Compute the HMAC over the exact timestamp, nonce, and JSON body.
Submit request
Send headers and body to the API Link endpoint.
Queue desktop work
After validation, the relay stores work for outbound desktop pickup.
The stricter contract matters because external requests can create paid-traffic operational work.
Each topic page now repeats the core answer in several machine-readable shapes: risks, workflow checkpoints, and decision criteria. The content stays useful for humans while giving crawlers stronger entities and internal anchors.
API key creation stays inside the desktop client so local cache, device state, and cloud inventory remain aligned.
Nonce blocks replay of the same signed request. Idempotency makes intentional retries for the same logical job predictable.
No. The relay validates and queues work. A linked desktop later pulls the job outbound.
Use the API Link signing example for a copyable Node HMAC request skeleton.