Password Protection
ProRequires a Pro or Builder plan
What is Password Protection?
Password protection adds an authentication gate to a short link. When a visitor clicks the link, they are shown an AWSYS.CO password prompt instead of being redirected immediately. Only visitors who enter the correct password are forwarded to the destination URL. This is useful for sharing confidential documents, private beta invites, pre-launch pages, or any content you want to restrict to a known audience.
Requirements
Password protection requires a Pro or Builder plan. The password is stored as a secure hash — AWSYS.CO cannot retrieve a plaintext password after you set it. If you forget the password, you can set a new one by editing the link.
Step-by-step: Add a password to a link
- Create a new link or open an existing one in your dashboard.
- Toggle on Password Protection.
- Enter the password you want visitors to use. There is no complexity requirement, but choose something that is hard to guess.
- Optionally set a password hint — a brief message shown on the password prompt page to help authorised users remember the password without giving it away publicly.
- Save the link. Visitors who click it will see an AWSYS.CO (or custom-domain) password prompt before being redirected.
- To remove password protection, toggle off the setting and save the link. Visitors will immediately be redirected without a password prompt.
Configuration reference
| Setting | Value | Notes |
|---|---|---|
| Password | Any string, 1–128 characters | Stored as a hash; not retrievable |
| Password hint | Optional, up to 100 characters | Displayed on the password prompt page |
| Session duration | 24 hours | Visitors who enter the correct password are remembered for 24 hours on the same browser |
| Analytics | Click counted on successful auth only | Failed password attempts do not count as clicks |
Common questions
Can I see who entered the password?
No. AWSYS.CO records analytics for successful redirects (geo, device, referrer) but does not capture who specifically entered the password. There is no visitor identification.
Is the password prompt page branded with my domain?
If the link uses a custom domain, the password prompt is served at your custom domain URL, keeping branding consistent. On the default awsys.co domain, the standard AWSYS.CO password page is shown.
Can I set passwords via the API?
Yes. Pass "password": "your-secret" in the body of a POST /api/createShort or PATCH /api/links/:id request. The value is hashed server-side — it is never stored as plaintext.
Does password protection work with traffic routing and geo-routing?
Yes. The password prompt is shown first. After successful authentication, the visitor is routed according to the traffic routing or geo-routing rules you have configured.