Skip to content

Overview & auth

The xengo API is plain REST + JSON. Everything you can do in the console, you can do in code — create and re-point links, bulk-import, pull analytics, render QR codes and manage notification channels.

Base URL: https://api.neon.xengo.io
Spec: https://api.neon.xengo.io/v1/openapi.json (OpenAPI 3.1, public)

API access is included from the Pro plan (£39/mo); Business and Enterprise add higher rate limits.

Create keys in the console under API Keys. Keys look like xgo_live_… / xgo_test_…, are stored hashed, and are shown once at creation — same one-time model as webhook signing secrets. Up to 25 keys per account.

Send the key either way:

Terminal window
curl https://api.neon.xengo.io/v1/links \
-H "Authorization: Bearer $XENGO_API_KEY"
# or
curl https://api.neon.xengo.io/v1/links \
-H "x-api-key: $XENGO_API_KEY"

Each key carries scopes chosen at creation — grant only what the integration needs:

Scope Allows
links:read List and fetch links
links:write Create, update, bulk-create, delete links
analytics Tenant-wide and per-link analytics
qr QR rendering
notifications List/create/delete notification channels

A request outside the key’s scopes returns 403 with "code": "insufficient_scope".

Terminal window
curl -X POST https://api.neon.xengo.io/v1/links \
-H "Authorization: Bearer $XENGO_API_KEY" \
-H "Content-Type: application/json" \
-d '{ "destination": "https://example.com/offer", "code": "offer24" }'
{
"code": "offer24",
"domain": "go.xgo.fi",
"shortUrl": "https://go.xgo.fi/offer24",
"destination": "https://example.com/offer",
"status": "active",
"tags": {},
"notifyChannels": [],
"createdAt": "2026-07-12T14:00:00+00:00"
}
  • Same enforcement as the console — plan quotas, safety screening and billing state apply identically to API calls.
  • Rate limits are per plan and enforced per minute — over-limit calls get a proper 429 with Retry-After. See Errors & rate limits.
  • Destinations are screened — a malicious URL is rejected at create time, API or console alike.