Do bitly "Branded short domains" support https?

@Becky754

Posted in: #Bitly #CustomShortUrl #Https #SecurityCertificate #UrlShorteners

I have been looking for documentation or examples of bitly branded short domains which use https (ssl / secure links). Have not found anything.


Example of a branded short url: sgnl.link/1IvurmD

I would like to set up: sgnl.link/1IvurmD

Is this supported?


2 Comments


@Martha676

YES. It's not official yet, but Bitly is starting to talk about their upcoming HTTPS support and it's already being rolled out.

Here are two examples: huff.to/1NozAOQ and tcrn.ch/1SMWIIN
I tried it for my own branded domain (on a free account) and, initially, it didn't work. However, after several hours, a new certificate showed up and HTTPS requests were totally supported!

How it works

If you look at the certificate authority, they are using Let's Encrypt to issue separate certificates for each domain. In order to issue (and reissue) certificates, Let's Encrypt creates "challenges" that only the respective domain owner can complete. Because the domain owner has pointed their domain at Bitly's server (via either an A or CNAME record), Bitly is able to complete these challenges on the fly, thus confirming to Let's Encrypt that Bitly has the authority to serve an issued certificate. Bitly is, therefore, able to get certificates issued on the fly for all of the domains they want to support.

There is one additional catch, however! In order to handle HTTPS requests from each client, they need to know which domain the client has sent their request to. Traditionally, this wouldn't be available over SSL/TLS without decrypting the request, and since Bitly can't decrypt the request without the right set of keys, they face a kind of catch-22. Thankfully, an add-on to TLS called "Server Name Indication (SNI)" was designed to solve exactly this problem. This allows the client to pass along a plaintext version of the server name, so that the receiving server can pair that with the correct decryption keys.

This means that Bitly's HTTPS support only works with slightly more modern browsers, since really old browsers don't support SNI. But they're probably fine with that trade-off.

Whew. A lot of moving parts there. This is a big announcement for Bitly and is actually a lot harder to get right than it might seem from the outset.


@LarsenBagley505

Most bitly API endpoints require an OAuth access token.

If you only need a token for your own account and will not be authenticating any additional end-users, you can generate a developer access token from bitly.com/a/oauth_apps or by using the Basic Authentication Flow.

Further reading here.
