Link Shield

DocsExplore the API in minutesURL Scanning APIDetect phishing, malware, and suspicious links with an AI-assisted URL scanning API built for your stack. Start free trial View pricing Read the blog Real-time scoringTransparent insightsUsage-based pricingLive scanCheck any URL nowAPI-readySearchScanBuilt for developersProtection built into every scan.Stay ahead of phishing, malware, and fraud with real-time analysis and transparent scoring details.CategoriesScan phishing, malware, scam, adult, dating, gambling, crypto, and spam with one API.phishingmalwarescamadultdatinggamblingcryptospamBulk URL scoringSend batches of URLs in a single request and get per-link risk scores back fast.Actionable risk scoreEvery scan returns a 0-100 score plus reasons so you can block, warn, or allow with confidence.Redirect-aware detectionUnwrap short links and follow chains to catch hidden destinations before they surprise users.Fast integrationSimple REST endpoints and clear docs make it easy to add LinkShield across your stack.FAQCommonly Ask QuestionsWhat does Link Shield actually check when a URL is scanned?A scan is meant to be more useful than a simple blacklist lookup. Link Shield evaluates the URL itself, looks for suspicious patterns, reviews redirect behavior when a link tries to hide its destination, and returns a risk score with reasoning so your team can understand why a link looks safe, questionable, or high risk.Is this only for phishing links?No. Phishing is one of the most common use cases, but teams also use Link Shield to catch malware, scams, spammy destinations, risky adult or gambling links, suspicious crypto pages, and other traffic they do not want flowing through their product. That is especially helpful if users can submit or share links inside your app.Do you follow redirects and short links?Yes. Redirect-aware scanning is one of the biggest reasons teams use Link Shield. If a short link or redirect chain is trying to hide the final destination, the scan can surface that behavior so you are not making a decision on the first URL alone.What does the risk score mean?Each scan returns a score from 0 to 100. Lower scores generally indicate less suspicious behavior, while higher scores suggest stronger warning signals. Most teams use that score alongside the reason text to decide whether they want to allow a link silently, show a warning, queue it for review, or block it outright."Powered by LinkShield, T.LY URL Shortener safeguards millions of links every day, proactively blocking phishing, malware, and scam threats to keep users safe." --- PricingPricing That Grows With Your Scans.Start with a 5-day free trial. Upgrade as your scan volume grows.MonthlyToggle billing interval Yearly save 1 monthHobbyFor side projects and internal tools.$10/moBilled monthly10,000 scans per monthAPI accessEmail supportBasic analytics Start free trial ProFor growing products and teams.Most popular$100/moBilled monthly100,000 scans per monthPriority scanningTeam seats Start free trial BusinessFor high volume protection at scale.$1,000/moBilled monthly1,000,000 scans per monthTeam seatsCustom thresholdsDedicated successSLA support Start free trial Every plan includesCore protection features you can ship with confidence.Real-time scoring with transparent signalsRedirect chain analysis and short link expandingSecure API keys and audit-ready logsNeed more coverage?We can tailor limits, SLAs, and volume discounts for your team. If you are still comparing options, the API docs cover the common rollout and implementation questions.Contact Support --- Link Shield BlogSecurity BlogCase studies and technical breakdowns on phishing kits, malicous domains, report abuse, redirects, and evasive link infrastructure.SecurityCase studiesTechnical breakdownsPhishingMaliciousStart with the URLA close review of the phishing URL `gixon.sbs/_wildcard_.gixon.sbs/views/`, including the brand mismatch, wildcard clues, credential-harvest UX, and infrastructure patterns that make it dangerous.Tim LelandMarch 21, 20266 min readPhishingMaliciousPhishing Kit Domain ChurnWildcard routing and fast domain churn make phishing infrastructure more disposable, more flexible, and harder to pin to a single hostname. Here is what defenders should log when they see it.Tim LelandMarch 21, 20263 min readMaliciousRedirect Chain AnalysisStatic blocklists usually score the first URL they see. Attackers know that. Redirect-chain analysis is what reveals the real destination, the evasive hops, and the evidence hidden in transit.Tim LelandMarch 20, 20263 min readMaliciousCompetitor Spam ReportsBad actors do not just abuse links. They also abuse the systems meant to report them. Here is how spam-report floods get manufactured and what defenders should score instead of raw report volume.Tim LelandMarch 19, 20265 min read --- MENU bash javascript php python Introduction Authenticating requests Endpoints Score a URL for threats. Score multiple URLs for threats. List threat logs for the authenticated user. View Postman collection View OpenAPI spec Last updated: March 25, 2026 Introduction API platform that leverages the power of AI to detect malicious URLs and protect your online security. Base URL: https://linkshieldapi.com This documentation aims to provide all the information you need to work with our API. An account with a valid API token is required to use the API.. As you scroll, you'll see code examples for working with the API in different programming languages in the dark area to the right (or as part of the content on mobile). You can switch the language used with the tabs at the top right (or from the nav menu at the top left on mobile). Authenticating requests Authenticate requests to this API's endpoints by sending an Authorization header with the value "Bearer {YOUR_API_KEY}". All authenticated endpoints are marked with a requires authentication badge in the documentation below. You can retrieve your token by creating an account then creating an API token. Endpoints Score a URL for threats. requires authentication Example request: curl --request POST \ "https://linkshieldapi.com/api/v1/link/score" \ --header "Authorization: Bearer {YOUR_API_KEY}" \ --header "Content-Type: application/json" \ --header "Accept: application/json" \ --data "{ \"url\": \"https:\\/\\/example.com\", \"tag\": \"your_tag_here\", \"follow_redirects\": false, \"categories\": [ \"phishing\", \"malware\", \"scam\", \"adult\", \"dating\", \"gambling\", \"crypto\", \"spam\" ] }" const url = new URL( "https://linkshieldapi.com/api/v1/link/score" ); const headers = { "Authorization": "Bearer {YOUR_API_KEY}", "Content-Type": "application/json", "Accept": "application/json", }; let body = { "url": "https:\/\/example.com", "tag": "your_tag_here", "follow_redirects": false, "categories": [ "phishing", "malware", "scam", "adult", "dating", "gambling", "crypto", "spam" ] }; fetch(url, { method: "POST", headers, body: JSON.stringify(body), }).then(response => response.json()); $client = new \GuzzleHttp\Client(); $response = $client->post( 'https://linkshieldapi.com/api/v1/link/score', [ 'headers' => [ 'Authorization' => 'Bearer {YOUR_API_KEY}', 'Content-Type' => 'application/json', 'Accept' => 'application/json', ], 'json' => [ 'url' => 'https://example.com', 'tag' => 'your_tag_here', 'follow_redirects' => false, 'categories' => [ 'phishing', 'malware', 'scam', 'adult', 'dating', 'gambling', 'crypto', 'spam', ], ], ] ); $body = $response->getBody(); print_r(json_decode((string) $body)); import requests import json url = 'https://linkshieldapi.com/api/v1/link/score' payload = { "url": "https:\/\/example.com", "tag": "your_tag_here", "follow_redirects": false, "categories": [ "phishing", "malware", "scam", "adult", "dating", "gambling", "crypto", "spam" ] } headers = { 'Authorization': 'Bearer {YOUR_API_KEY}', 'Content-Type': 'application/json', 'Accept': 'application/json' } response = requests.request('POST', url, headers=headers, json=payload) response.json() Example response (200): { "id": 123, "url": "https://example.xyz", "tag": "your_tag_here", "risk_score": 12, "reason": "Suspicious TLD (.xyz)", "domain_flagged": false, "url_flagged": false, "ai_flagged": false, "flagged_categories": [ "phishing" ], "final_url": "https://example.xyz/login", "created_at": "2024-01-01T12:00:00.000000Z", "updated_at": "2024-01-01T12:00:00.000000Z" } Received response: Request failed with error: Request Try it out ⚡ Cancel 🛑 Send Request 💥 POST api/v1/link/score Headers Authorization Example: Bearer {YOUR_API_KEY} Content-Type Example: application/json Accept Example: application/json Body Parameters url string The URL to scan. Example: https://example.com tag string optional Optional. Tag to associate with the scan (e.g., a URL). Example: your_tag_here follow_redirects boolean optional true false Optional. Follow redirects and score the final URL. Example: false categories string[] optional Optional. Categories to scan. Allowed: phishing, malware, scam, adult, dating, gambling, crypto, spam. If omitted or empty, scans all categories. * string optional Category slug. Example: phishing Score multiple URLs for threats. requires authentication Example request: curl --request POST \ "https://linkshieldapi.com/api/v1/link/bulk-score" \ --header "Authorization: Bearer {YOUR_API_KEY}" \ --header "Content-Type: application/json" \ --header "Accept: application/json" \ --data "{ \"urls\": [ \"https:\\/\\/example.com\", \"https:\\/\\/bad.test\" ], \"follow_redirects\": false, \"categories\": [ \"phishing\", \"malware\", \"scam\", \"adult\", \"dating\", \"gambling\", \"crypto\", \"spam\" ] }" const url = new URL( "https://linkshieldapi.com/api/v1/link/bulk-score" ); const headers = { "Authorization": "Bearer {YOUR_API_KEY}", "Content-Type": "application/json", "Accept": "application/json", }; let body = { "urls": [ "https:\/\/example.com", "https:\/\/bad.test" ], "follow_redirects": false, "categories": [ "phishing", "malware", "scam", "adult", "dating", "gambling", "crypto", "spam" ] }; fetch(url, { method: "POST", headers, body: JSON.stringify(body), }).then(response => response.json()); $client = new \GuzzleHttp\Client(); $response = $client->post( 'https://linkshieldapi.com/api/v1/link/bulk-score', [ 'headers' => [ 'Authorization' => 'Bearer {YOUR_API_KEY}', 'Content-Type' => 'application/json', 'Accept' => 'application/json', ], 'json' => [ 'urls' => [ 'https://example.com', 'https://bad.test', ], 'follow_redirects' => false, 'categories' => [ 'phishing', 'malware', 'scam', 'adult', 'dating', 'gambling', 'crypto', 'spam', ], ], ] ); $body = $response->getBody(); print_r(json_decode((string) $body)); import requests import json url = 'https://linkshieldapi.com/api/v1/link/bulk-score' payload = { "urls": [ "https:\/\/example.com", "https:\/\/bad.test" ], "follow_redirects": false, "categories": [ "phishing", "malware", "scam", "adult", "dating", "gambling", "crypto", "spam" ] } headers = { 'Authorization': 'Bearer {YOUR_API_KEY}', 'Content-Type': 'application/json', 'Accept': 'application/json' } response = requests.request('POST', url, headers=headers, json=payload) response.json() Example response (200): { "scores": [ { "id": 123, "url": "https://example.xyz", "tag": "your_tag_here", "risk_score": 12, "reason": "Suspicious TLD (.xyz)", "domain_flagged": false, "url_flagged": false, "ai_flagged": false, "flagged_categories": [ "phishing" ], "final_url": "https://example.xyz/login", "created_at": "2024-01-01T12:00:00.000000Z", "updated_at": "2024-01-01T12:00:00.000000Z" } ] } Received response: Request failed with error: Request Try it out ⚡ Cancel 🛑 Send Request 💥 POST api/v1/link/bulk-score Headers Authorization Example: Bearer {YOUR_API_KEY} Content-Type Example: application/json Accept Example: application/json Body Parameters urls string[] List of URLs to scan (max 10). * string URL to scan. Example: https://example.com follow_redirects boolean optional true false Optional. Follow redirects and score the final URL. Example: false categories string[] optional Optional. Categories to scan. Allowed: phishing, malware, scam, adult, dating, gambling, crypto, spam. If omitted or empty, scans all categories. * string optional Category slug. Example: phishing List threat logs for the authenticated user. requires authentication Example request: curl --request GET \ --get "https://linkshieldapi.com/api/v1/link/list?page=1&tag=tag-123&flagged_categories[]=phishing&flagged_categories[]=scam" \ --header "Authorization: Bearer {YOUR_API_KEY}" \ --header "Content-Type: application/json" \ --header "Accept: application/json" const url = new URL( "https://linkshieldapi.com/api/v1/link/list" ); const params = { "page": "1", "tag": "tag-123", "flagged_categories[0]": "phishing", "flagged_categories[1]": "scam", }; Object.keys(params) .forEach(key => url.searchParams.append(key, params[key])); const headers = { "Authorization": "Bearer {YOUR_API_KEY}", "Content-Type": "application/json", "Accept": "application/json", }; fetch(url, { method: "GET", headers, }).then(response => response.json()); $client = new \GuzzleHttp\Client(); $response = $client->get( 'https://linkshieldapi.com/api/v1/link/list', [ 'headers' => [ 'Authorization' => 'Bearer {YOUR_API_KEY}', 'Content-Type' => 'application/json', 'Accept' => 'application/json', ], 'query' => [ 'page' => '1', 'tag' => 'tag-123', 'flagged_categories[0]' => 'phishing', 'flagged_categories[1]' => 'scam', ], ] ); $body = $response->getBody(); print_r(json_decode((string) $body)); import requests import json url = 'https://linkshieldapi.com/api/v1/link/list' params = { 'page': '1', 'tag': 'tag-123', 'flagged_categories[0]': 'phishing', 'flagged_categories[1]': 'scam', } headers = { 'Authorization': 'Bearer {YOUR_API_KEY}', 'Content-Type': 'application/json', 'Accept': 'application/json' } response = requests.request('GET', url, headers=headers, params=params) response.json() Example response (200): { "current_page": 1, "data": [ { "id": 123, "url": "https://example.xyz", "tag": "your_tag_here", "risk_score": 12, "reason": "Suspicious TLD (.xyz)", "domain_flagged": false, "url_flagged": false, "ai_flagged": false, "flagged_categories": [ "phishing" ], "final_url": "https://example.xyz/login", "created_at": "2024-01-01T12:00:00.000000Z", "updated_at": "2024-01-01T12:00:00.000000Z" } ], "first_page_url": "https://example.test/api/v1/link/list?page=1", "from": 1, "next_page_url": null, "path": "https://example.test/api/v1/link/list", "per_page": 15, "prev_page_url": null, "to": 1 } Received response: Request failed with error: Request Try it out ⚡ Cancel 🛑 Send Request 💥 GET api/v1/link/list Headers Authorization Example: Bearer {YOUR_API_KEY} Content-Type Example: application/json Accept Example: application/json Query Parameters page integer optional Optional. Page number for pagination. Example: 1 tag string optional Optional. Filter logs by tag (exact match). Example: tag-123 flagged_categories string[] optional Optional. Filter logs by flagged categories (any match). bash javascript php python