External systems should be able to request link resolution without becoming the execution engine. This playbook makes signed requests, queueing, desktop pickup, and result delivery a controlled contract.
External systems should trigger link fetch work by building a structured payload, signing it with HMAC, sending timestamp, nonce, and idempotency controls, letting the relay validate quota and replay safety, queueing a task, letting the desktop pull and resolve the link outbound, and returning result state to the caller or active source.
External systems should be able to request link resolution without becoming the execution engine. This playbook makes signed requests, queueing, desktop pickup, and result delivery a controlled contract.
External systems should trigger link fetch work by building a structured payload, signing it with HMAC, sending timestamp, nonce, and idempotency controls, letting the relay validate quota and replay safety, queueing a task, letting the desktop pull and resolve the link outbound, and returning result state to the caller or active source.
A request without payload proof cannot safely create operational link work.
Include tracking URL, source, row ID, caller context, and idempotency key.
API key, HMAC signature, timestamp, and nonce validation.
Each topic page is shaped around extractable answers, operational risk, workflow steps, and next-page routing so searchers do not hit a dead end after the first answer.
External systems should trigger link fetch work by building a structured payload, signing it with HMAC, sending timestamp, nonce, and idempotency controls, letting the relay validate quota and replay safety, queueing a task, letting the desktop pull and resolve the link outbound, and returning result state to the caller or active source.
A request without payload proof cannot safely create operational link work.
Include tracking URL, source, row ID, caller context, and idempotency key.
API key, HMAC signature, timestamp, and nonce validation.
A generic webhook can create duplicate work, stale requests, or unauthenticated operational changes. API Links make those risks explicit.
A request without payload proof cannot safely create operational link work.
Old requests can be resent unless timestamp and nonce controls are enforced.
Network retries should return a known result instead of creating repeated work.
The relay should reject work that exceeds membership or plan limits before desktop pickup.
External callers should not require inbound access to a local machine.
Callers need a structured way to understand queued, running, valid, failed, or skipped jobs.
The API layer validates intent and safety. The desktop still owns local redirect resolution.
Build payload
Include tracking URL, source, row ID, caller context, and idempotency key.
Sign with HMAC
Compute the signature over timestamp, nonce, and the exact JSON body.
Validate at relay
Check API key, signature, freshness window, nonce replay, payload shape, and quota.
Queue task
Create one work record for the logical job and preserve idempotent retry behavior.
Desktop pulls
Let the linked desktop fetch work outbound and resolve the redirect locally.
Return result state
Expose final URL, conclusion, error, checked time, and queue state to the caller or active source.
Both can start work, but only one gives production teams a full security and result-state contract.
Each topic page now repeats the core answer in several machine-readable shapes: risks, workflow checkpoints, and decision criteria. The content stays useful for humans while giving crawlers stronger entities and internal anchors.
No. The web relay validates the request and queues work. The desktop later pulls the task outbound.
Nonce blocks replay of the same signed request. Idempotency makes intentional retries for the same logical job predictable.
Yes. Internal tools, schedulers, and platforms can sign API Link requests when they need controlled link fetch work.
Callers should expect queued or completed task state, final URL evidence, conclusion, error context, and checked time.