Modern URL shortening with QR codes and detailed analytics
v1.0.0URL shortener, QR code generator, and link analytics API. Create short links, generate QR codes, and track click analytics.
⭐ 1· 2.1k·0 current·0 all-time
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (URL shortener, QR, analytics) align with required artifact: a JO4_API_KEY and API endpoints at jo4-api.jo4.io. Nothing requested (no extra credentials or system access) appears out of scope.
Instruction Scope
SKILL.md contains explicit curl commands against documented endpoints and only references the declared JO4_API_KEY environment variable. It does not instruct reading other files, scanning system state, or sending data to unexpected endpoints.
Install Mechanism
No install spec or code files are present (instruction-only), so nothing is written to disk or downloaded during install — lowest-risk install posture.
Credentials
Only one environment variable (JO4_API_KEY) is required and is the expected credential for the service. No unrelated secrets, config paths, or multiple credentials are requested.
Persistence & Privilege
always is false and there is no request to modify other skills or system settings. The skill allows autonomous invocation by default (disable-model-invocation=false), which is platform-normal and not combined with other red flags here.
Assessment
This skill appears coherent, but treat JO4_API_KEY as sensitive: only provide an API key you control and is scoped appropriately. Verify the jo4.io domain and API docs (check TLS cert and site reputation) before entering keys. If possible, create a limited-scope or test API key and monitor its usage/rotation. Review your privacy needs — the service collects click analytics and geolocation/referrer data — and avoid placing a production key in shared environments. If you want to be extra cautious, exercise the anonymous public endpoints first and confirm behavior before granting an authenticated key.Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🔗 Clawdis
EnvJO4_API_KEY
Primary envJO4_API_KEY
latest
Jo4 - URL Shortener & Analytics API
Jo4 is a modern URL shortening service with QR code generation and detailed link analytics.
Authentication
All protected endpoints require an API key. Set your API key as an environment variable:
export JO4_API_KEY="your-api-key"
Get your API key from: https://jo4.io/api-keys
API Base URL
https://jo4-api.jo4.io/api/v1
Endpoints
Create Short URL (Authenticated)
curl -X POST "https://jo4-api.jo4.io/api/v1/protected/url" \
-H "X-API-Key: $JO4_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"longUrl": "https://example.com/very-long-url",
"title": "My Link"
}'
Request Body:
longUrl(required) - The destination URL (max 2048 chars)title(optional) - Link title (max 200 chars)description(optional) - Link description (max 500 chars)shortUrl(optional) - Custom alias (max 16 chars, alphanumeric/hyphen/underscore)expirationTime(optional) - Unix timestamp for link expirationpasswordProtected(optional) - Boolean to enable password protectionpassword(optional) - Password if protected (4-128 chars)
UTM Parameters:
utmSource,utmMedium,utmCampaign,utmTerm,utmContent
Response:
{
"response": {
"id": 123,
"slug": "abc123",
"shortUrl": "abc123",
"fullShortUrl": "https://jo4.io/a/abc123",
"longUrl": "https://example.com/very-long-url",
"title": "My Link",
"qrCodeUrl": "https://jo4.io/qr/abc123"
}
}
Create Anonymous Short URL (No Auth Required)
curl -X POST "https://jo4-api.jo4.io/api/v1/public/url" \
-H "Content-Type: application/json" \
-d '{"longUrl": "https://example.com"}'
Limited features, no analytics access.
Get URL Details
curl -X GET "https://jo4-api.jo4.io/api/v1/protected/url/{slug}" \
-H "X-API-Key: $JO4_API_KEY"
Get URL Analytics
curl -X GET "https://jo4-api.jo4.io/api/v1/protected/url/{slug}/stats" \
-H "X-API-Key: $JO4_API_KEY"
Response includes:
- Total clicks
- Clicks by date
- Geographic distribution
- Device/browser breakdown
- Referrer sources
List My URLs
curl -X GET "https://jo4-api.jo4.io/api/v1/protected/url/myurls?page=0&size=20" \
-H "X-API-Key: $JO4_API_KEY"
Update URL
curl -X PUT "https://jo4-api.jo4.io/api/v1/protected/url/{id}" \
-H "X-API-Key: $JO4_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"title": "Updated Title",
"longUrl": "https://new-destination.com"
}'
Delete URL
curl -X DELETE "https://jo4-api.jo4.io/api/v1/protected/url/{id}" \
-H "X-API-Key: $JO4_API_KEY"
QR Codes
Every short URL automatically gets a QR code at:
https://jo4.io/qr/{shortUrl}
Rate Limits
Rate limits vary by plan:
- Free: 60 requests/minute
- Pro: Up to 10,000 requests/minute
- Anonymous (public endpoints): 10 requests/minute
API Documentation
Full OpenAPI/Swagger documentation: https://jo4-api.jo4.io/swagger-ui/index.html
Common Use Cases
1. Shorten a URL for sharing
curl -X POST "https://jo4-api.jo4.io/api/v1/protected/url" \
-H "X-API-Key: $JO4_API_KEY" \
-H "Content-Type: application/json" \
-d '{"longUrl": "https://example.com/article", "title": "Article"}'
2. Create campaign tracking link
curl -X POST "https://jo4-api.jo4.io/api/v1/protected/url" \
-H "X-API-Key: $JO4_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"longUrl": "https://mysite.com/landing",
"title": "Q1 Campaign",
"utmSource": "twitter",
"utmMedium": "social",
"utmCampaign": "q1-2026"
}'
3. Create expiring link
curl -X POST "https://jo4-api.jo4.io/api/v1/protected/url" \
-H "X-API-Key: $JO4_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"longUrl": "https://mysite.com/promo",
"title": "Limited Offer",
"expirationTime": 1738454400
}'
Error Codes
| Code | Meaning |
|---|---|
| 400 | Bad request - invalid parameters |
| 401 | Unauthorized - missing or invalid API key |
| 403 | Forbidden - insufficient permissions |
| 404 | Not found - URL doesn't exist |
| 429 | Rate limit exceeded |
Comments
Loading comments...