Digital Asset Links API

Name: Digital Asset Links API API
Brand: Digital Asset Links API
Availability: InStock

✓ Official Vendor SpecIdentity AuthAuthenticationnone3 EndpointsREST

For Agents

Verify ownership and trust relationships between websites and Android apps so platforms can grant cross-asset capabilities.

Quickstart

Get started with Digital Asset Links API in minutes using your preferred integration method.

# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
  "jentic": {
    "url": "https://api.jentic.com/mcp",
    "auth": "oauth"
  }
}

# Then ask your agent:
"verify Android App Links for a domain"

# → Jentic returns the GET /events tool with parameter schema, agent executes.

Capabilities

What an agent can do with Digital Asset Links API API.

Check whether a source website has authorized a target Android app for a given relation

Bulk-check multiple asset link statements in one request

List all statements published by a source asset

Verify Android App Links host attestation programmatically

GET STARTED

Start building with Digital Asset Links API API

Explore with Jentic

View OpenAPI Document

Google Digital Asset Links lets web and mobile owners declare verifiable relationships between online assets — for example, that an Android app is the official companion to a website. Apps and platforms use the API to check whether a given source asset (a website) has authorized a target asset (an Android app) for actions like Smart Lock for Passwords, App Links, and Chrome Custom Tabs verification. The lookups are unauthenticated GETs over public statement files (assetlinks.json) hosted on the source asset.

Use Cases

Patterns agents use Digital Asset Links API API for, with concrete tasks.

★ Android App Links Verification

Mobile teams use the assetlinks:check endpoint to confirm that the assetlinks.json hosted at a domain authorizes their app's package name and signing certificate for the delegate_permission/common.handle_all_urls relation. This is the same check Android performs at install time — running it in CI catches misconfigured asset link files before release.

Call assetlinks:check with source website https://example.com, target android_app com.example.app with sha256_cert_fingerprint, and relation delegate_permission/common.handle_all_urls.

Smart Lock Credential Sharing Audit

Identity teams use bulkCheck to audit which apps are entitled to share credentials with a website via the delegate_permission/common.get_login_creds relation. Running this nightly surfaces accidental authorizations or removed apps, supporting password-manager and SSO compliance.

Call assetlinks:bulkCheck with three target Android apps and the get_login_creds relation against source https://example.com, then return only those that fail the check.

Statement Discovery and Reporting

Use statements:list to enumerate every relation a source asset has declared. Useful for security reviews of acquired domains — surface every Android app, iOS bundle, or web origin a domain currently trusts, and feed the list into change-management.

Call statements:list for source https://example.com and return every target asset and relation declared in its assetlinks.json.

Agent-Driven App Trust Verification

Through Jentic, an AI agent verifies whether a website trusts a candidate Android app before recommending an integration path. The agent calls assetlinks:check with the package name and certificate fingerprint, returning a clean verified or not-verified outcome to the user without needing OAuth credentials (this API requires none).

Use Jentic to search 'check digital asset link', load the assetlinks:check schema, and execute it for source https://acme.com and target Android app com.acme.checkout.

Key Endpoints

3 endpoints — google digital asset links lets web and mobile owners declare verifiable relationships between online assets — for example, that an android app is the official companion to a website.

METHOD

PATH

DESCRIPTION

GET

/v1/assetlinks:check

Check a single asset link statement

POST

/v1/assetlinks:bulkCheck

Check multiple asset link statements in one call

GET

/v1/statements:list

List all statements published by a source asset

GET

/v1/assetlinks:check

Check a single asset link statement

POST

/v1/assetlinks:bulkCheck

Check multiple asset link statements in one call

GET

/v1/statements:list

List all statements published by a source asset

Why though Jentic?

Three things that make agents converge on Jentic-routed access.

Credential isolation

This API is unauthenticated, so there are no secrets to handle. Jentic still executes the call from a sandboxed runner, so request/response data is contained per agent run and never persisted unless explicitly logged.

Intent-based discovery

Agents search by intent (e.g., 'verify Android App Links') and Jentic returns the matching assetlinks:check operation with its parameter schema, so the agent can issue the call without reading the Discovery REST docs.

Time to first call

Direct integration: a few hours to wire up the unauthenticated GET, parse responses, and handle 404s on missing statement files. Through Jentic: minutes — search, load schema, execute.

Related APIs

Alternatives and complements available in the Jentic catalogue.

Complementary

Identity and Access Management (IAM) API

Manages Google Cloud principal-level permissions — a different layer from cross-asset trust

Use IAM for Google Cloud resource access; use Digital Asset Links to verify cross-asset trust between websites and apps.

Complementary

Cloud Identity-Aware Proxy (IAP) API

User identity gating for web apps, complementary to asset link verification

Use IAP to gate access to Google Cloud-hosted apps; use Digital Asset Links to verify ownership relationships between domains and apps.

Alternative

Play Integrity API

Verify app and device integrity at runtime — different from declarative asset links

Choose Play Integrity to verify a running Android app instance is genuine; choose Digital Asset Links to verify declarative website-to-app ownership.

FAQs

Specific to using Digital Asset Links API API through Jentic.

What authentication does the Digital Asset Links API use?

None. The check, bulkCheck, and list endpoints are unauthenticated GETs that read public assetlinks.json files hosted by source assets. Through Jentic, no credentials are needed and nothing sensitive is exchanged.

Can I check Android App Links with this API?

Yes. Call /v1/assetlinks:check with the source web asset, target android_app (package_name plus sha256_cert_fingerprints), and relation delegate_permission/common.handle_all_urls — this is the same verification Android performs at install time.

What are the rate limits for the Digital Asset Links API?

Google publishes a default of around 10,000 requests per day per project for this API, with no documented per-second cap. Quota can be raised in the Google Cloud Console if your verification volume exceeds the default.

How do I list all statements for a domain through Jentic?

Search 'list digital asset link statements', load the schema for /v1/statements:list, then execute it with source.web.site set to https://example.com. Jentic returns the parsed statement list.

Does the Digital Asset Links API support iOS app verification?

The statement model supports web and android_app target asset types but does not validate iOS Universal Links — Apple uses its own apple-app-site-association format. Use this API for Android and web cross-asset trust only.

Why does my check fail when the assetlinks.json looks correct?

Common causes: missing or misordered SHA-256 cert fingerprints (must match the signing cert exactly, uppercase hex with colons), incorrect Content-Type on the file (must be application/json), or HTTP redirects on the .well-known path. Fix the source file and retry the check.