Core Features

DyLy provides a comprehensive set of features designed to give you complete control over your links. This guide explains each core feature in detail, including use cases and best practices.

Default Domain

When you create a project in DyLy, you can specify a custom subdomain to generate your default domain automatically.

How It Works

  • Format: <your-subdomain>.dyly.dev
  • Example: If you choose myapp as your subdomain, your domain becomes myapp.dyly.dev
  • Link Structure: All links created in the project follow the pattern: https://<your-subdomain>.dyly.dev/<your-path>

Key Points

  • The subdomain must be unique across all DyLy users
  • Subdomain names are case-insensitive and converted to lowercase
  • Once created, the subdomain cannot be changed (you would need to create a new project)
  • All projects get a default domain automatically—no DNS configuration required

Use Cases

  • Quick Prototyping: Start creating links immediately without domain setup
  • Development & Testing: Use the default domain for non-production environments
  • Cost Savings: Free plan users can use the default domain without purchasing a custom domain

Tip: Choose a subdomain that clearly identifies your project or organization for easier management and recognition.

Custom Path

DyLy allows you to create memorable, human-readable paths for your links or let the system generate random paths automatically.

Path Generation Options

Option 1: Auto-Generated Paths

  • If no path is specified, DyLy generates a random 7-character path
  • Characters used: lowercase letters, numbers, dots and hyphens (e.g., a7x.-k9m)
  • Ensures uniqueness and unpredictability

Option 2: Custom Paths

  • Define your own meaningful paths with up to 3 segments
  • Each segment can contain up to 36 characters
  • Path segments are separated by forward slashes (/)

Path Rules

Allowed Characters:

  • Lowercase alphanumeric characters (a-z, 0-9)
  • Hyphens (-)
  • Periods (.)

Invalid Characters: Uppercase letters, spaces, special characters (except - and .)

Examples of Valid Paths:

  • promo-2024
  • user/onboarding/step1
  • api/v1/config.json
  • product.details

Examples of Invalid Paths:

  • Promo-2024 (uppercase)
  • user onboarding (spaces)
  • api/v1/config/extra/segment (too many segments - max 3)

Use Cases

  • Marketing Campaigns: Use descriptive paths like summer-sale or black-friday-2024
  • User Onboarding: Create intuitive paths like welcome or signup/verify
  • API Endpoints: Mimic API structures like api/v1/config
  • QR Codes: Short, memorable paths like menu or wifi work well for printed materials

Best Practice: Use auto-generated paths for security-sensitive links (harder to guess) and custom paths for marketing or user-facing links (easier to remember and share).

Custom Domain

Available in the paid plan, custom domains allow you to use your own branded domain for links instead of the default .dyly.dev domain.

What You Get

  • One custom domain per project (e.g., links.yourbrand.com)
  • Full DNS configuration support and guidance
  • SSL/TLS certificates automatically managed by DyLy
  • Ability to use subdomains of your main domain

Setup Process

  1. Purchase a paid plan for your project
  2. Add your custom domain in the project settings
  3. Configure DNS records as instructed (CNAME or TXT record)
  4. Wait for DNS propagation (typically 5-60 minutes)
  5. DyLy automatically provisions an SSL certificate
  6. Start creating links with your custom domain

DNS Configuration

You'll need to add a DNS record pointing to DyLy's servers:

Type: CNAME
Name: links (or your chosen subdomain)
Value: cd-xxx.dyly.dev

Use Cases

  • Brand Consistency: Maintain your brand across all touchpoints
  • Trust & Recognition: Users trust links from recognized domains
  • Professional Appearance: links.yourbrand.com/promo looks more professional than random.dyly.dev/a7x3k9m
  • Marketing Materials: Use your domain in ads, emails, and printed materials

Limitations

  • One custom domain per project in standard plan
  • Root domain is currently not allowed

Important: Ensure you have access to your domain's DNS settings before attempting to add a custom domain.

Protected links add an extra layer of security by requiring a key parameter in the URL. This prevents unauthorized access even if someone discovers the link path.

How It Works

Protected links include a secret key in the URL:

https://<your-domain>/<your-path>?key=<secret-key-string>
  • Without the key: Returns a 403 Forbidden error
  • With wrong key: Returns a 403 Forbidden error
  • With correct key: Grants access to the link destination

Security Benefits

  • Unpredictable Access: Even if someone knows the path, they can't access the link without the key
  • Defense Against Scanning: Prevents automated tools from discovering links by path enumeration
  • Controlled Distribution: Only users who receive the complete URL (including key) can access the resource

Key Generation

  • DyLy automatically generates a cryptographically secure random key when you enable protection
  • The key is included in the API response when you create the link
  • Keys are unique per link and cannot be guessed

Use Cases

  • Confidential Documents: Share sensitive files that shouldn't be publicly accessible
  • Limited-Time Offers: Distribute exclusive deals to specific users
  • Beta Access: Provide access to pre-release features for select users
  • Account Recovery: Use in password reset flows for additional security
  • Payment Links: Protect payment or invoice links from unauthorized access

Important Considerations

⚠️ Not Available in Free Plan: Protected links require a paid plan

⚠️ Not a Replacement for Authentication: While protected links add security, they don't replace proper authentication for sensitive operations

⚠️ Key Management: Anyone with the full URL (including key) can access the link. Don't share links publicly if they contain sensitive keys.

Best Practice: Combine protected links with other features like one-time use or short expiration times for maximum security.

Expiration

Control how long your links remain active with flexible expiration settings.

Expiration Options

Time-Based Expiration:

  • Set links to expire after a specific duration (in seconds)
  • Maximum expiration: 1 year (31,536,000 seconds)
  • Expired links return a 404 Not Found status code

No Expiration:

  • Links remain active indefinitely (until manually deleted)
  • Useful for permanent redirects or long-term resources

Plan-Based Limits

Free Plan:

  • Fixed expiration of 1 day (86,400 seconds)
  • Cannot create links with longer expiration or no expiration

Paid Plan:

  • Flexible expiration up to 1 year
  • Option to create links with no expiration

Setting Expiration

When creating a link via API, specify the expiresIn parameter (in seconds):

{
  "expiresIn": 3600,  // 1 hour
  ...
}

Common Expiration Periods:

  • 1 hour: 3600
  • 1 day: 86400
  • 1 week: 604800
  • 1 month (30 days): 2592000
  • 1 year: 31536000
  • No expiration: omit the parameter or set to null

Use Cases

Short Expiration (Minutes to Hours):

  • Magic links for authentication
  • One-time password reset links
  • Time-sensitive verification links
  • Flash sale promotions

Medium Expiration (Days to Weeks):

  • Event invitation links
  • Limited-time campaigns
  • Temporary file sharing
  • Beta testing access

Long Expiration (Months to Years):

  • Annual reports or documentation
  • Product manuals
  • Evergreen content
  • Reference materials

No Expiration:

  • Permanent redirects (e.g., company rebranding)
  • Always-available resources
  • Documentation permalinks
  • Public API endpoints (using JSON links)

Monitoring Expiration

  • Check link status via the API or portal
  • DyLy automatically handles cleanup of expired links
  • Consider implementing monitoring for critical links approaching expiration

Security Tip: Use shorter expiration times for security-sensitive links. A compromised link can't be used after it expires.

One-time links can only be accessed once. After the first successful access, the link becomes permanently inaccessible.

How It Works

  1. User clicks the link for the first time → Link works normally
  2. User (or anyone else) tries to access the link again → Returns 404 Not Found
  3. The link is permanently deactivated and cannot be reused

Important Behaviors

What Counts as "Used":

  • A successful GET request to the link
  • Even if the user immediately hits "back" in their browser, the link is consumed

What Doesn't Count:

  • Failed requests (wrong key, expired link)
  • Requests to other links in the same project
  • API requests to check link status

Use Cases

Security-Critical Scenarios:

  • Password reset links
  • Account verification links
  • Invoice or payment links
  • Sensitive document access

Unique Value Distribution:

  • Discount codes (one per user)
  • Contest entry links
  • Ticket validation
  • Gift card redemption

Access Control:

  • Single-use temporary credentials
  • Time-limited resource access
  • Beta access invitations

Combining with Other Features

One-time links are most powerful when combined with other security features:

{
  "oneTime": true,
  "keyProtected": true,
  "expiresIn": 3600,
  ...
}

This creates a link that:

  • Requires a secret key to access
  • Can only be used once
  • Expires after 1 hour even if not used

Important Considerations

⚠️ Not Available in Free Plan: One-time links require a paid plan

⚠️ No Second Chances: Once clicked, the link is gone forever. Make sure users understand this before sharing one-time links.

⚠️ Preview/Prefetch Issues: Some email clients or chat apps automatically preview links, which may consume the one-time use before the user intentionally clicks. Consider adding a warning message or landing page.

⚠️ Browser Prefetching: Modern browsers may prefetch links, potentially consuming the one-time use unintentionally.

Best Practices

Communicate Clearly: Let users know the link is one-time use
Provide Alternatives: Offer a way for users to request a new link if needed
Test Carefully: Verify one-time behavior in your specific environment
Monitor Usage: Track when one-time links are consumed for security auditing

Developer Tip: For critical flows, consider implementing a webhook or polling mechanism to verify the link was used by the intended recipient before allowing the action to proceed.

Feature Comparison Table

FeatureFree PlanPaid Plan
Default Domain✅ Yes✅ Yes
Custom Path✅ Yes (up to 3 segments)✅ Yes (up to 3 segments)
Custom Domain❌ No✅ Yes (1 per project)
Protected Links❌ No✅ Yes
Expiration⏱️ Fixed (1 day)⏱️ Flexible (up to 1 year or none)
One-Time Links❌ No✅ Yes

Next Steps

Now that you understand DyLy's core features, you can:

  1. Explore Link Types: Learn about the four types of links DyLy supports in Link Types
  2. Review Use Cases: See these features in action with real-world examples in Use Cases
  3. Start Building: Check out the API Reference to begin creating links with these features

Remember: Start simple with basic features and gradually adopt advanced capabilities as your requirements grow. Not every link needs every feature!