1get — Engineering Precision Link Managementfor the Modern Web
How FDS architected a multi-tenant link management SaaS platform delivering sub-50ms global redirects, real-time click analytics, and enterprise-grade access control — from a single, unified dashboard.
A Link Ecosystem With No Center of Gravity
Growing marketing teams operate with a structural blind spot. Campaign links scatter across email platforms, social schedulers, paid media dashboards, spreadsheets, and internal messaging threads — each one a silo, none of them connected. When a destination URL changes, there is no mechanism to propagate that change globally. When a team member leaves, the links they created belong to no one. When leadership asks which channel is driving conversions, the answer demands hours of manual reconciliation across tools never designed to communicate with each other. Custom short links, when they exist at all, carry third-party domains that quietly erode the brand credibility of every campaign asset they appear in — and provide no redirect management, no expiration control, and no audit trail whatsoever.
“We needed a link management platform that could enforce brand consistency across all client domains, give each team visibility into their own link performance without exposing data across accounts, and provide an audit trail operations leadership could actually trust.”
The organization behind 1get faced this problem at scale. As an agency serving multiple client teams simultaneously, they required a link management platform capable of enforcing brand consistency across all client domains, giving each team isolated visibility into their own link performance, and providing operations leadership with a complete, queryable record of every link created, modified, or deleted. Critically, the architecture had to support growth: what began as an internal tool would eventually be offered as a product to their own clients. A generic URL shortener would not withstand that ambition. FDS was engaged to build something designed from the ground up for multi-organizational scale — not a utility, but a platform.
Architecture Decisions That Compound Over Time
Multi-Tenant Foundation from Day Zero
Before a single route was written, FDS and the client team aligned on one non-negotiable architectural commitment: multi-tenancy from day zero, not as a retrofit. Every significant entity in the data model — links, analytics events, QR codes, team memberships, audit log entries — carries an organization_id foreign key enforced at the Prisma ORM layer. No query in the application touches link or analytics data without that scope as a mandatory filter. This is not a middleware guard or a UI convention that can be misconfigured — it is structural, expressed in the schema and enforced in every data-access function. A single deployment can serve dozens of organizations on shared infrastructure, with each tenant receiving the data isolation guarantees they would expect from a dedicated environment.
Redis Cache-Aside for the Redirect Hot Path
The redirect path presented the hardest performance constraint. Users clicking a custom short link should perceive zero latency — any friction on the redirect undermines the credibility of the branded link itself. The engineering target was sub-50ms p99 latency, and the solution is a Redis cache-aside pattern. When a link is created or updated, the short code and its destination URL are written simultaneously to PostgreSQL (the system of record) and Redis (the hot path). Redirect handlers read exclusively from Redis, bypassing relational queries entirely. Cache invalidation on link modification is synchronous with the write operation; soft-deleted links have their Redis keys expired immediately, preserving the audit record without serving stale redirects. PostgreSQL sees only analytics writes and administrative operations — the redirect hot path stays entirely in memory at every traffic volume.
Socket.IO for Live Click Intelligence and Unified QR Analytics
The analytics requirement elevated the project beyond conventional link management into what the team began calling link intelligence. Teams do not want to refresh a dashboard to see click data — they expect the dashboard to be alive. FDS integrated Socket.IO to broadcast click events in real time as each redirect is served: a click payload containing timestamp, geographic coordinates derived from IP, device classification from user-agent, and referrer URL is emitted into a Socket.IO channel keyed to the organization. The analytics dashboard subscribes on mount and reflects new clicks as they arrive — no polling, no page refresh. QR codes are treated as first-class members of the same pipeline: every QR scan resolves through the identical Redis redirect engine and emits the same event payload. Scan analytics and link click analytics are unified in one dashboard with no distinction in the underlying data model, giving teams a single source of truth across all trackable links regardless of their physical or digital surface.
Eight Capabilities. One Coherent Platform.
Custom Branded Short Links
Vanity slugs and custom domain support via CNAME — every link reinforces brand identity across email, paid, social, and affiliate channels.
Sub-50ms Redis Redirect Engine
Cache-aside architecture serves every redirect from Redis exclusively. PostgreSQL never touches the hot path — p99 latency stays below 50ms at any traffic volume.
QR Codes with Scan Analytics
Every QR code routes through the same Redis redirect engine and analytics pipeline as short links — scan data and click data unified from day one.
Real-Time Click Intelligence
Geographic distribution, device breakdown, referrer attribution, and click-through rates broadcast live via Socket.IO — no polling, no refresh.
Four-Tier RBAC
Owner, Admin, Member, and Viewer roles with org-level workspace isolation. Every API boundary validates role before executing — zero trust-the-client behavior.
Complete Audit Logging
Every state change — link creation, modification, deletion, team action — is timestamped, attributed to a user, and queryable. Compliance without manual effort.
Subscription-Gated Feature Tiers
Stripe-managed billing with plan enforcement at the API layer. Feature gates are data-driven, not code flags — upgrading or downgrading a plan takes effect immediately.
REST API for Workflow Integration
A clean, authenticated REST API lets teams embed link management into CMSs, marketing automation stacks, and internal tooling without leaving their existing workflows.
The Engineering Details That Separate Good from Precise
Sub-50ms Global Redirects
The redirect engine is the product's most performance-sensitive path, and its architecture reflects that priority. On every link creation or update, the short code and destination URL are written simultaneously to PostgreSQL and Redis. Redirect handlers read from Redis exclusively, issuing a 301 without touching the relational database. Cache invalidation on link modification is synchronous — when a destination changes, the Redis key updates in the same transaction as the database write, with no window for stale redirects. Soft-deleted links trigger immediate Redis key expiry, maintaining audit record integrity without risk of serving deleted destinations. The practical outcome: p99 redirect latency stays consistently below 50ms regardless of concurrent traffic volume, because the hot path is a single memory lookup — not a query plan.
Multi-Tenant Architecture
1get is designed around the assumption that multiple organizations coexist in a single deployment, with zero possibility of data exposure between tenants. Every significant entity — links, analytics events, QR codes, team memberships, audit log entries — carries an organization_id foreign key, and every Prisma query in the application layer is constructed with that scope as a non-optional filter. There is no code path in 1get that reads link records without an organization boundary. This is not enforced at the UI layer or behind a middleware guard — it is expressed in the data access pattern itself. The consequence is an architecture that can serve agencies, SaaS companies, and marketing teams simultaneously on shared infrastructure, with each tenant receiving the data isolation guarantees they would expect from a dedicated deployment — without the operational cost of one.
Real-Time Analytics Engine
Click events in 1get are not batch-processed or polled — they are broadcast live the moment a redirect is served. The redirect handler emits a structured click payload (timestamp, geographic location derived from IP, device classification from user-agent, referrer URL) into a Socket.IO channel keyed to the link's organization. The analytics dashboard subscribes to that channel on mount and updates the UI as events arrive — delivering genuine liveness without a polling interval or a page refresh. Redis absorbs the write volume at redirect time; a background queue drains click events into PostgreSQL for persistent storage and historical queries. QR code scans route through the identical pipeline, producing the same event structure — so scan analytics and link click analytics share one dashboard, one data model, and one real-time stream. Teams gain click-through rate, referrer data, geographic breakdown, and device attribution with no additional instrumentation.
Role-Based Access Control
1get enforces a four-tier permission model at every API boundary, with no trust-the-client behavior anywhere in the stack. Owners hold full organizational authority: billing management, workspace deletion, and complete team administration. Admins can invite and remove members, manage all links within the organization, and access aggregate analytics across the workspace. Members own and manage their own links with read access to organization-level performance data — the standard operating tier for individual contributors. Viewersreceive read-only access to links and analytics, appropriate for clients, stakeholders, or executive observers who require visibility without write permissions. Every Server Action and API route validates the calling user's role before executing. Role checks are not a convention — they are enforced middleware that cannot be bypassed by a well-crafted request.
The Numbers That Define the Platform
Redirect Latency (p99) — sustained across all traffic
Platform uptime since production launch
Reduction in link management coordination overhead
Average time to onboard a team and go live with branded links
Since launch, 1get has processed millions of redirects without a single measured p99 breach above 50ms. Teams report a significant reduction in time spent on link-related coordination — the combination of centralized ownership, real-time click analytics, and role-based delegation eliminating the overhead that previously required manual spreadsheet tracking and cross-tool reconciliation. Organizations onboard, configure their branded domain, and create their first custom short links within a single working session — from invitation to first live link in hours, not days.
A Stack Chosen for Type Safety and Production Confidence
Every tool in the 1get stack was chosen to maximize TypeScript type safety end-to-end — from Zod validation schemas at API boundaries through Prisma-generated types to React components — while minimizing operational surface area in early production.
Application
Backend & API
Data Layer
Infrastructure & Services
The Right Architecture Pays Compound Interest
If your marketing team is managing campaign links across email, paid, social, and affiliate channels without a unified system, you are operating with a structural blind spot. You cannot see which custom short links are converting, you cannot enforce brand consistency across domains, and when something breaks — a destination URL changes, a campaign ends, a parameter gets corrupted — you have no audit trail to diagnose it rapidly. 1get is the link management platform FDS built to close that gap permanently: not a utility shortener, but a link intelligence system your entire team operates from a single, access-controlled workspace where every click is a data point and every link is a tracked, brandable asset.
For agency operators and SaaS founders reading this, the architecture story is as important as the feature set. 1get demonstrates what FDS delivers when precision is the requirement: a multi-tenant data model that protects every client's information structurally — not through application-layer guards — an access control model that mirrors real organizational hierarchies, and a performance engineering standard that treats every redirect as a product experience measured in milliseconds. If you are building a SaaS product, a team productivity tool, or any platform where organizations share and track digital assets at scale, the engineering principles behind 1get are the foundation FDS would bring to your project from day one.
Marketing Directors
One dashboard for every link your team touches — with real-time click intelligence to prove ROI across channels.
Agency Ops Leads
Client data isolation by design. Give each team their own workspace — zero risk of cross-account data exposure.
SaaS Founders
The architecture behind 1get — multi-tenant, RBAC, Stripe billing — is the scaffold FDS builds your platform on.
We replaced three separate tools with 1get. The link analytics finally gave our paid and content teams a shared language — everyone works from the same click data, in the same dashboard, with no reconciliation overhead.
Ready to Build Your Own SaaS Platform?
Whether you need a link management platform like 1get or a custom SaaS product built for your specific market — FDS architects it with the precision, security model, and engineering depth your business deserves.