Shared links
Anyone you give a Spanlens share link to can read the trace or request without signing up. The token in the URL is the only credential, and you stay in control: each link respects the redaction settings you picked, expires when you said it would, and can be revoked the moment it leaks.
When to use a share link
- Bug reports. Paste the link in an issue so a teammate or vendor can see the exact LLM call without an account.
- Marketing and content. Embed a redacted trace in a blog post showing how your agent handled a tough prompt.
- Customer success. Send a customer the trace from their support ticket so they can see what their request actually returned.
Create a share
Open any trace at /traces/<id> or any request at /requests/<id> and click the Share icon in the top right. The dialog asks for two decisions.
Expiry
7 days, 30 days (default), or Never. A link past its expiry returns 404 instead of 410 so a token cannot be enumerated by probing expired URLs.
Redaction preset
Pick one of three intents instead of toggling each field by hand.
- Marketing / external. PII patterns plus cost plus token counts all hidden. The viewer still sees the conversation, latency, and HTTP status, and that is usually what you want for a public post.
- Internal team. Everything visible. Best for a Slack channel where every reader is already inside your trust boundary and the debugging value of token counts outweighs the leak risk.
- Custom. Flip the individual toggles. The preset chip switches to Custom the moment you change anything, so the dialog never lies about what is selected.
The defaults are fail safe. New shares start with PII masking and cost hiding on. Token counts stay visible by default since they carry most of the debugging signal, and search engine indexing stays off.
What gets masked
- PII. Provider keys (sk-…, sk-ant-…, AIza…) and Spanlens keys (sl_live_…) inside request and response bodies. Pattern based, so it catches the typical accidental paste.
- Cost. The cost column reads $··· in the viewer.
- Token counts. Prompt, completion, and total counts read ··· in the viewer.
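How pattern-based masking and the redaction flags combine, as an added sketch that is not Spanlens's own code. The prefixes and flag names come from this page; the regex tail (character class, minimum length), the `[masked]` replacement, and the record field names are assumptions.

```python
import re

# Prefixes are the ones listed above; the character class and minimum
# length after each prefix are assumptions made for this sketch.
KEY_RE = re.compile(r"\b(?:sk-ant-|sk-|AIza|sl_live_)[A-Za-z0-9_-]{16,}")

# Flag names match the create-share request body; "default" is the
# state a new share starts in, not a preset of its own.
PRESETS = {
    "marketing": {"redactPii": True, "redactCost": True, "redactTokens": True},
    "internal": {"redactPii": False, "redactCost": False, "redactTokens": False},
    "default": {"redactPii": True, "redactCost": True, "redactTokens": False},
}

TOKEN_FIELDS = ("prompt_tokens", "completion_tokens", "total_tokens")


def redact(record, flags):
    """Return the viewer's copy of a record (hypothetical field names)."""
    view = dict(record)
    if flags["redactPii"]:
        for field in ("input", "output"):
            view[field] = KEY_RE.sub("[masked]", view[field])
    if flags["redactCost"]:
        view["cost"] = "$···"
    if flags["redactTokens"]:
        for field in TOKEN_FIELDS:
            view[field] = "···"
    return view


def keys_still_visible(view):
    """Pre-share check: key-shaped strings left in the bodies."""
    return KEY_RE.findall(view["input"] + "\n" + view["output"])


# Constructed sample record; the key below is fake.
SAMPLE = {
    "input": "call the API with sk-ant-EXAMPLEEXAMPLEEXAMPLE0000 please",
    "output": "Done. This task-list-has-no-secret-in-it is not a key.",
    "cost": "$0.0042",
    "prompt_tokens": 812, "completion_tokens": 96, "total_tokens": 908,
}
```

Running `keys_still_visible` on the Internal view before publishing shows which key-shaped strings every reader of that link will see.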
What the viewer looks like
The shared page renders a clean read-only view with input and output side by side on desktop (stacked on mobile), latency and token stats at the top, and a Spanlens attribution footer that links to the signup page. Every visit bumps the share view count by one.
The page also emits Open Graph and Twitter card metadata, so a link posted to Slack, X, or LinkedIn shows the trace name plus the provider and model in the preview. Search engines stay blocked unless you explicitly flip the indexable toggle when creating the share.
Manage your shares
The workspace Shared links page lists every active share in your organization, not just the ones you created. Any organization member can revoke any share, so a leaked link from a teammate does not require admin intervention.
Each row shows:
- Target. Trace name when the share is a trace, otherwise Request <short-id>. Click to open the public viewer in a new tab.
- Redaction chips. Three chips for PII, Cost, and Tokens, plus an extra warning chip when indexable is on. A glance tells you which shares are still leaking workload intel.
- Views. Cumulative view count since the link was published.
- Created and Expires. Expiry under seven days surfaces in a warning color so renewals do not slip.
- Revoke. Soft delete with a confirm prompt. The public URL starts returning 404 immediately, and the revocation cannot be undone.
Sort and filter
Filter by Workspace (default, every member) or My shares (only what you published). Sort by Newest (default), Most viewed, or Expiring soonest.
API
The dashboard uses these endpoints; you can call them from a script too if you need to bulk audit or revoke. All three require a Spanlens dashboard JWT, which you can grab from your browser session.
# List every active share in the workspace, sorted by view count
curl 'https://server.spanlens.io/api/v1/shares?scope=org&sort=views' \
-H "Authorization: Bearer $SPANLENS_JWT"
# Create a share with the Marketing redaction preset
curl -X POST https://server.spanlens.io/api/v1/shares \
-H "Authorization: Bearer $SPANLENS_JWT" \
-H "Content-Type: application/json" \
-d '{
"scope": "trace",
"targetId": "<trace-uuid>",
"ttl": "30d",
"redactPii": true,
"redactCost": true,
"redactTokens": true
}'
# Revoke a share immediately (soft delete, view_count preserved)
curl -X DELETE 'https://server.spanlens.io/api/v1/shares/<token>' \
-H "Authorization: Bearer $SPANLENS_JWT"
Security model
The token in the URL is the only credential. There is no per-viewer ACL. Tokens are 128 bits of entropy generated server side, well above any brute force threshold for a rate limited public endpoint. Treat a share link the same way you treat a signed S3 URL: anyone who gets the URL gets read access until you revoke or the link expires.
Server-side enforcement runs through the service role client and reads the underlying Postgres or ClickHouse row directly. The retention bypass keeps a long-lived share resolvable past your plan's normal retention window, up to the 365 day ceiling on the analytics table.
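The token and 404 behaviour described on this page, as an added sketch that is not Spanlens's own code. The in-memory store, its field names, the use of `secrets.token_urlsafe`, and the "7d" and "never" TTL spellings are assumptions; only "30d" appears in the API example above.

```python
import secrets
from datetime import datetime, timedelta, timezone

# "30d" is the value shown in the create-share request; the other two
# spellings are assumed for the 7 days and Never options.
TTL = {"7d": timedelta(days=7), "30d": timedelta(days=30), "never": None}


class ShareStore:
    """In-memory stand-in for the shares table (hypothetical schema)."""

    def __init__(self):
        self._rows = {}

    def create(self, target_id, ttl="30d", now=None):
        now = now or datetime.now(timezone.utc)
        token = secrets.token_urlsafe(16)  # 16 random bytes = 128 bits
        delta = TTL[ttl]
        self._rows[token] = {
            "target_id": target_id,
            "expires_at": now + delta if delta else None,
            "revoked": False,
            "view_count": 0,
        }
        return token

    def revoke(self, token):
        # Soft delete: the row and its view_count are kept.
        self._rows[token]["revoked"] = True

    def resolve(self, token, now=None):
        """Return (status, body). Unknown, expired and revoked tokens
        get the same 404 and the same body, so a probe learns nothing."""
        now = now or datetime.now(timezone.utc)
        row = self._rows.get(token)
        dead = (
            row is None
            or row["revoked"]
            or (row["expires_at"] is not None and now >= row["expires_at"])
        )
        if dead:
            return 404, {"error": "not found"}
        row["view_count"] += 1  # every successful visit bumps the count
        return 200, {"target_id": row["target_id"]}
```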
Related: Traces (where you create most shares), Security (PII masking patterns), Projects & API keys (the other externally-issued credential type).