LinkTaco offers an API for our services via GraphQL.
However we understand there are many existing tools and integrations out there that already work with the Pinboard API. Sometimes this prohibits users from being able to migrate to LinkTaco. Now you can use those tools with LinkTaco exactly like you use them with Pinboard thanks to your new Pinboard API to GraphQL bridge.
You only need to change your clients endpoint. For instance typically, for the
Pinboard service, the api endpoint is https://api.pinboard.in, to use the
LinkTaco bridge you just need to use https://linktaco.com/pinboard as the end
point URL.
Everything else should match up the same. For instance, the Pinboard endpoint of:
https://api.pinboard.com/v1/posts/recent
On the LinkTaco bridge, it will be reached at:
https://linktaco.com/pinboard/v1/posts/recent
The full Pinboard API can be reviewed on their own API Page
You MUST use an authentication token to access the bridge API. In Pinboard you can use basic auth with your account username and password but that is very insecure and not supported by LinkTaco.
You can still use Basic auth should you like but just enter your access token as the account password if your clients configuration.
The bridge API authentication is based on OAuth 2.0 and is compatible with RFC 6749. Detailed documentation on our OAuth 2.0 implementation is available in the oauth documentation.
In short, there are two primary modes of authentication:
The former is suited to users who are writing their own scripts, CLI programs with no web component, and so on. Personal access tokens are available from linktaco.com/oauth2/personal.
The latter is useful for third-parties who wish to provide a streamlined authentication process. You should first register for an OAuth 2.0 client at linktaco.com/oauth2/clients. For details, consult RFC 6749 and the oauth documentation.
These can be used in the same way they are used in the Pinboard API.
Alternatively you can also set them directly in the Authorization header to
Bearer <token>, e.g. Authorization: Bearer AI+ym2EAAAAAAAAIc2lyY21wd26a8JLR48pyNs2ImxWYjgi9YVGxssyt5qk4YyV7BhHXAg
It is strongly recommended you use the Authorization header (either
Basic auth or Bearer token) instead of using the auth_token query string
parameter. Using the query string will log your token in the web server logs.
Since in LinkTaco one account can associate with unlimited organizations you can also specify which organization an API call was for in your API request.
You can specify in the following ways (ordered by priority):
auth_token query string parameter you specify
your-org-slug:your-api-token. Again this method is discouraged and it is
recommended you use the Authorization header method.Authorization header then use the org you want
to use in the username space. For instance, your Authorization header would
have a value like so: Basic your-org-slug:your-api-tokenuse_org value to the requests query string. For instance,
https://linktaco.com/pinboard/v1/posts/recent?use_org=your-org-slugIf no organization is specified then LinkTaco will default to the accounts default organization which was created at sign-up.
The bridge currently implements all the Pinboard API endpoints except the following:
/v1/posts/update/v1/tags/{delete,rename} - Tags work differently on LinkTaco and so allowing the editing
of them doesn't make since here. These 2 endpoints will simply return a "not
supported" error/v1/user/secret - For security reasons. Our design is safer so this end
point doesn't make sense./v1/user/api_token - Also makes no sense as our implementation already
requires a token.Some of these we may add if users request it.
commit c7c0e50a31e21977bb9e8ffb9afcb84d0c02c067 Author: Peter Sanchez <peter@netlandish.com> Date: 2025-08-01T10:19:53-06:00 More pinboard updates