Use Cases
This section demonstrates how to implement common patterns and use cases using DyLy. Each example includes step-by-step instructions and best practices.
Quick Use Cases
URL Shortening
Transform long, unwieldy URLs into short, memorable links perfect for sharing on social media, SMS, or printed materials.
When to use:
- Social media posts with character limits
- SMS marketing campaigns
- Print materials (business cards, flyers, billboards)
- QR codes for offline-to-online conversion
- Analytics tracking for different marketing channels
Implementation:
Create a URL link with a custom path:
POST /url/api/v1/links
{
"type": "url",
"projectId": "your-project-id",
"destinationUrl": "https://example.com/products/category/subcategory/item?utm_source=twitter&utm_campaign=spring2024&utm_content=post123",
"path": "spring-deal",
"expiresIn": 2592000
}
Result: https://myapp.dyly.dev/spring-deal
Tips:
- Use descriptive paths for better user experience and brand recall
- Set appropriate expiration times based on campaign duration
- Track clicks through analytics to measure campaign performance
- Consider using auto-generated paths for security-sensitive links
Example: A company running a spring promotion creates short links like
https://brand.dyly.dev/spring24instead of sharing lengthy URLs with multiple tracking parameters.
Well-Known Endpoints
Many protocols and standards require specific endpoints under /.well-known/. DyLy makes it easy to create these without backend infrastructure.
Common well-known endpoints:
/.well-known/apple-app-site-association- iOS Universal Links/.well-known/assetlinks.json- Android App Links/.well-known/openid-configuration- OAuth 2.0 / OpenID Connect discovery/.well-known/security.txt- Security contact information/.well-known/jwks.json- JSON Web Key Sets (automatically provided by DyLy)
Example: Universal Links for iOS
Universal Links allow iOS users to open your app directly from web links instead of opening Safari.
Step 1: Create a JSON link with the required configuration:
POST /url/api/v1/links
{
"type": "json",
"projectId": "your-project-id",
"path": ".well-known/apple-app-site-association",
"jsonContent": {
"applinks": {
"apps": [],
"details": [
{
"appIDs": ["TEAMID.com.example.app"],
"paths": [
"*"
]
}
]
}
}
}
Step 2: Configure your iOS app to handle universal links (in Xcode and your app's entitlements)
Step 3: Test by visiting https://your-domain.dyly.dev/.well-known/apple-app-site-association
Result: When users click links to your domain on iOS devices, your app opens instead of Safari.
Note: The path must be exactly
.well-known/apple-app-site-association(no file extension) for iOS to recognize it.
Example: App Links for Android
Android App Links provide similar functionality for Android devices.
POST /url/api/v1/links
{
"type": "json",
"projectId": "your-project-id",
"path": ".well-known/assetlinks.json",
"jsonContent": [
{
"relation": ["delegate_permission/common.handle_all_urls"],
"target": {
"namespace": "android_app",
"package_name": "com.example.app",
"sha256_cert_fingerprints": [
"14:6D:E9:83:C5:73:06:50:D8:EE:B9:95:2F:34:FC:64:16:A0:83:42:E6:1D:BE:A8:8A:04:96:B2:3F:CF:44:E5"
]
}
}
]
}
Important:
- Get your SHA256 fingerprint from your app's signing certificate
- Test the endpoint is accessible at
https://your-domain.dyly.dev/.well-known/assetlinks.json - Configure your Android app's intent filters to match your domain
Tip: For deep links that should launch your app, make sure to exclude API paths like
/deferred-paramsin your Universal Links/App Links configuration to avoid conflicts.
Request URI for OAuth 2.0
DyLy can be used to implement the request_uri parameter defined in RFC9101, which allows passing large or complex OAuth 2.0 authorization requests by reference.
Benefits:
- Avoid URL length limitations in authorization requests
- Ensure request integrity through JWT signatures
- Enable pushed authorization requests (PAR) patterns
- Simplify client implementation for complex requests
Implementation:
Option 1: Create a JWT link with your authorization request as claims:
POST /url/api/v1/links
{
"type": "jwt",
"projectId": "your-project-id",
"flow": "direct",
"jwtClaims": {
"response_type": "code",
"client_id": "your-client-id",
"redirect_uri": "https://yourapp.com/callback",
"scope": "openid profile email",
"state": "xyz123",
"nonce": "abc789",
"claims": {
"userinfo": {
"email": {"essential": true},
"email_verified": {"essential": true}
}
}
},
"jwtExpiresIn": 600,
"expiresIn": 600
}
Option 2: Use the link URL directly as the request_uri parameter:
https://auth-server.example.com/authorize?
client_id=your-client-id&
request_uri=https://myapp.dyly.dev/auth-request-abc123
Option 3: Fetch the JWT and use it as the request parameter:
# Fetch the JWT
curl https://myapp.dyly.dev/auth-request-abc123
# Use the JWT directly
https://auth-server.example.com/authorize?
client_id=your-client-id&
request=<the-jwt-you-fetched>
Security Considerations:
- Set short expiration times (5-10 minutes)
- Use one-time links to prevent request replay
- The authorization server must validate the JWT signature
- Ensure the
client_idin the request matches the JWT claims
Note: This pattern is particularly useful for complex authorization requests that would exceed URL length limits or when you need cryptographic proof of request integrity.
Detailed Implementation Guides
For more complex use cases with full implementation details:
Magic Link Authentication
Implement passwordless authentication using DyLy JWT links. Users receive a secure, time-limited link via email that logs them in when clicked.
What you'll learn:
- Creating secure JWT links with proper claims
- Implementing the authorization code flow with PKCE
- State validation for CSRF protection
- JWT verification and session establishment
- Security best practices for authentication flows
Ideal for:
- Passwordless login systems
- Email verification flows
- Password reset mechanisms
- Secure, time-sensitive authentication
Read the full Magic Link guide →
Invitation Links for Mobile Apps
Build a stateless invitation system using deep links. Users can invite others to join groups or features within your mobile app, with seamless experience whether the app is installed or not.
What you'll learn:
- Setting up Universal Links (iOS) and App Links (Android)
- Creating deep links with invitation context
- Implementing deferred deep linking for non-installed apps
- Token validation and security verification
- Handling both installed and not-installed scenarios
Ideal for:
- Friend referral systems
- Team/group invitations
- Content sharing within apps
- App install attribution
Read the full Invitation Link guide →
Additional Use Case Ideas
Temporary File Sharing
Create time-limited links to shared files or resources:
{
"type": "url",
"destinationUrl": "https://storage.example.com/files/report.pdf?token=xyz",
"expiresIn": 86400,
"oneTime": true,
"keyProtected": true
}
Use for: Secure file sharing, confidential document distribution, temporary access grants
Dynamic Configuration
Serve app configuration that can be updated without releasing new app versions:
{
"type": "json",
"path": "config/v1",
"jsonContent": {
"featureFlags": {
"newUI": true,
"betaFeatures": false
},
"apiEndpoint": "https://api-v2.example.com",
"supportedVersions": ["2.0.0", "2.1.0"]
}
}
Use for: Feature flags, remote configuration, A/B testing parameters, API versioning
QR Code Campaigns
Create scannable QR codes for offline-to-online campaigns:
{
"type": "url",
"path": "table-5",
"destinationUrl": "https://restaurant.com/menu?table=5&promo=scan2024",
"expiresIn": 7776000
}
Use for: Restaurant menus, retail promotions, event check-ins, product information
API Mocking & Testing
Create mock API endpoints for development and testing:
{
"type": "json",
"path": "api/v1/users/123",
"jsonContent": {
"id": "123",
"name": "Test User",
"email": "test@example.com",
"role": "admin"
}
}
Use for: Frontend development without backend, API contract testing, demo environments
Short-lived Verification Codes
Deliver verification codes securely via JWT links:
{
"type": "jwt",
"flow": "direct",
"jwtClaims": {
"verificationCode": "ABC123",
"userId": "user-456",
"purpose": "phone-verification"
},
"jwtExpiresIn": 300,
"oneTime": true
}
Use for: Two-factor authentication, phone verification, email confirmation, account recovery
Best Practices Across Use Cases
Security
✅ Principle of Least Privilege: Use the minimum required expiration time and features
✅ Defense in Depth: Combine multiple security features (oneTime + keyProtected + short expiration)
✅ Validate Everything: Always verify JWT signatures and check all claims
✅ Monitor Usage: Track link access patterns for anomaly detection
Performance
✅ Cache Wisely: JSON links can be cached; URL links should redirect quickly
✅ Short Paths: Use concise paths for better QR code scanning and user experience
✅ Batch Creation: Use the API to create multiple links efficiently
User Experience
✅ Descriptive Paths: Use human-readable paths for user-facing links
✅ Clear Communication: Tell users what to expect (app launch, redirect, etc.)
✅ Graceful Failures: Provide helpful error messages and fallback options
✅ Test Across Devices: Verify links work on iOS, Android, and web
Maintenance
✅ Document Links: Keep track of what links are used where
✅ Set Expiration: Use appropriate expiration times to avoid stale links
✅ Monitor Metrics: Track link performance and usage patterns
✅ Plan for Rotation: Have a strategy for updating or replacing links
Next Steps
- Start Simple: Begin with basic URL shortening or JSON endpoints
- Review Tutorials: Follow the detailed guides for Magic Links and Invitation Links
- Explore Features: Learn about Core Features to enhance your links
- API Reference: Dive into the complete API documentation
Have a use case not covered here? Check the API Reference for full capabilities, or reach out to our support team for guidance.