ThinkRun

How it works

Every session and recording can generate a permanent share link of the form https://thinkrun.ai/s/<token>. Anyone with the link can view the session replay, screenshots, AI analysis, and navigation history — no ThinkRun account needed.

Only one active share link exists per session or recording at a time. Generating a new link automatically invalidates the previous one. Revoking a link immediately makes it inaccessible — existing viewers see a "not found" page.

Creating a share link

1. Open a session or recording in the ThinkRun dashboard.
2. Click the Share button in the top-right header.
3. Optionally set a password and choose whether to include console logs or network requests.
4. Click Generate link. The link is copied to your clipboard and ready to share.

What viewers see

Viewers see the same session or recording detail view you see, with a few differences:

• A "Shared view" badge appears in the header instead of action buttons.
• Viewers cannot trigger re-analysis, download the video, or manage the share link.
• Console logs and network requests are only visible if you enabled them when creating the link. For recording shares, these are available via the API bundle endpoint only — the recording UI focuses on AI analysis.
• Input actions (typed text, form values) are always redacted from viewers regardless of settings.
• URLs in the navigation history have sensitive query parameters (tokens, keys, passwords) automatically stripped.

If you are signed in to ThinkRun and view a share link, a ThinkRun link appears in the top-left corner that takes you back to your dashboard.

Password protection

Set a password when generating the link to restrict access. Viewers who open the link are shown a password prompt before seeing any content.

• Passwords are hashed with bcrypt — ThinkRun never stores the plaintext.
• After a correct password entry, a short-lived access token is issued for that browser session. Viewers do not need to re-enter the password while the tab is open.
• Brute-force protection limits password attempts to 5 per 15 minutes per IP address.
• Password-protected links cannot be previewed by social crawlers (Open Graph images are omitted).

Search engine indexing

Share pages are marked noindex, nofollow so they do not appear in search engine results.

Agent & API access

Every share URL has three interchangeable representations — pick whichever fits your client:

# Browser (HTML with rich unfurl preview)
https://thinkrun.ai/s/<token>

# JSON bundle — add .json, or negotiate via Accept header
curl https://thinkrun.ai/s/<token>.json
curl -H 'Accept: application/json' https://thinkrun.ai/s/<token>

# Markdown summary (LLM-context-efficient, ~500 tokens)
curl https://thinkrun.ai/s/<token>.md
curl -H 'Accept: text/markdown' https://thinkrun.ai/s/<token>

# Optional API key for owner-level fields
curl https://thinkrun.ai/s/<token>.json -H "x-api-key: YOUR_API_KEY"

For password-protected shares, add -H "x-share-password: YOUR_PASSWORD" (plaintext, transmitted over TLS and verified server-side against the bcrypt hash — never stored).

Every response includes a Link header advertising the alternates (rel="alternate", rel="canonical", rel="describedby") so agents that inspect headers can discover the JSON bundle without knowing the ThinkRun API.

The bundle response includes the session metadata, AI summary, screenshots with timestamps, navigation history, action log, and optionally console logs and network requests — all in a single flat JSON object suitable for LLM context windows.

Revoking a link

Open the Share modal on the session or recording and click Revoke link. The link stops working immediately. You can generate a new link at any time.

Share links are also automatically revoked when the underlying session or recording is deleted.

Rate limits