Create a new data source login link
Bearer token authentication. Include the token in the Authorization header:
Authorization: Bearer <your-token>
Login link creation parameters including data source and expiration settings
{
"ds_id": "GAWA",
"expiry_time": "2026-03-01T23:59:59Z",
"description": "Google Analytics login link for marketing team",
"require_username": "marketing@company.com",
"redirect_url": "https://company.com/auth/success"
}Data source ID
Link expiry time as datetime in ISO 8601 format or relative time string (e.g. "10 hours"). Defaulting to 24 hours from creation time.
Internal description for the link. Not shown during the authentication attempt.
Data source username that needs to be used in authentication attempt. Normally used when renewing existing credentials.
Custom URL to redirect to after successful authentication.
Login link created successfully
Metadata included in every API response.
Unique identifier for the request, for tracking and debugging.
Supermetrics login link ID
Current link status
Internal link description. Not shown during authentication attempt.
Data source ID
Data source name
Data source username that must be used in authentication attempt
Custom URL to redirect to after successful authentication, if any
Internal verifier string that is passed to redirect_url
Supermetrics user ID of the user who will be marked as the primary owner of the login credentials
Supermetrics user email
Full URL to initiate an authentication attempt. Can be accessed multiple times while link is open.
ISO 8601 datetime for when login link was created
ISO 8601 datetime for when login link will expire
Supermetrics login ID for a successful authentication
ISO 8601 datetime for when authentication occurred
Username used to authenticate to data source
Unauthorized
{
"meta": {
"request_id": "BXaEFVtjc7TXaJxgZhmFgSUD9edqq_CN"
},
"error": {
"code": "UNAUTHORIZED",
"message": "Authentication is required."
}
}Standard envelope returned by all error (4xx/5xx) responses.
Metadata included in every API response.
Unique identifier for the request, for tracking and debugging.
Machine- and human-readable detail for a failed request.
Stable, screaming-snake-case identifier for the error condition. Clients should branch on this, not on message. Common values include BAD_REQUEST, UNAUTHORIZED, FORBIDDEN, NOT_FOUND, CONFLICT_ERROR, PERMISSION_ERROR, UNPROCESSABLE_ENTITY, UNPROCESSABLE_CONTENT, TOO_MANY_REQUESTS, INTERNAL_SERVER_ERROR, DUPLICATION_FAILED, SERVICE_UNAVAILABLE; domains may define additional codes.
Short, human-readable summary of the error.
Optional longer explanation specific to this occurrence.
Link Limit Exceeded
Unprocessable Entity - validation failed for the request parameters
{
"meta": {
"request_id": "BXaEFVtjc7TXaJxgZhmFgSUD9edqq_CN"
},
"error": {
"code": "UNPROCESSABLE_ENTITY",
"message": "Validation failed for the request parameters."
}
}Standard envelope returned by all error (4xx/5xx) responses.
Metadata included in every API response.
Unique identifier for the request, for tracking and debugging.
Machine- and human-readable detail for a failed request.
Stable, screaming-snake-case identifier for the error condition. Clients should branch on this, not on message. Common values include BAD_REQUEST, UNAUTHORIZED, FORBIDDEN, NOT_FOUND, CONFLICT_ERROR, PERMISSION_ERROR, UNPROCESSABLE_ENTITY, UNPROCESSABLE_CONTENT, TOO_MANY_REQUESTS, INTERNAL_SERVER_ERROR, DUPLICATION_FAILED, SERVICE_UNAVAILABLE; domains may define additional codes.
Short, human-readable summary of the error.
Optional longer explanation specific to this occurrence.
Too Many Requests
{
"meta": {
"request_id": "BXaEFVtjc7TXaJxgZhmFgSUD9edqq_CN"
},
"error": {
"code": "TOO_MANY_REQUESTS",
"message": "Rate limit exceeded. Retry later."
}
}Standard envelope returned by all error (4xx/5xx) responses.
Metadata included in every API response.
Unique identifier for the request, for tracking and debugging.
Machine- and human-readable detail for a failed request.
Stable, screaming-snake-case identifier for the error condition. Clients should branch on this, not on message. Common values include BAD_REQUEST, UNAUTHORIZED, FORBIDDEN, NOT_FOUND, CONFLICT_ERROR, PERMISSION_ERROR, UNPROCESSABLE_ENTITY, UNPROCESSABLE_CONTENT, TOO_MANY_REQUESTS, INTERNAL_SERVER_ERROR, DUPLICATION_FAILED, SERVICE_UNAVAILABLE; domains may define additional codes.
Short, human-readable summary of the error.
Optional longer explanation specific to this occurrence.
Internal server error
{
"meta": {
"request_id": "BXaEFVtjc7TXaJxgZhmFgSUD9edqq_CN"
},
"error": {
"code": "INTERNAL_SERVER_ERROR",
"message": "An unexpected error occurred."
}
}Standard envelope returned by all error (4xx/5xx) responses.
Metadata included in every API response.
Unique identifier for the request, for tracking and debugging.
Machine- and human-readable detail for a failed request.
Stable, screaming-snake-case identifier for the error condition. Clients should branch on this, not on message. Common values include BAD_REQUEST, UNAUTHORIZED, FORBIDDEN, NOT_FOUND, CONFLICT_ERROR, PERMISSION_ERROR, UNPROCESSABLE_ENTITY, UNPROCESSABLE_CONTENT, TOO_MANY_REQUESTS, INTERNAL_SERVER_ERROR, DUPLICATION_FAILED, SERVICE_UNAVAILABLE; domains may define additional codes.
Short, human-readable summary of the error.
Optional longer explanation specific to this occurrence.