Malin/paste.es
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3ae27ea413f6bf74d7e3f85af7f3ca2235f07c68
paste.es/docs/api.md
Malin bc9f96cbd4 feat: rebrand Hemmelig to paste.es for cloudhost.es 
- Set Spanish as default language with ephemeral/encrypted privacy focus
- Translate all user-facing strings and legal pages to Spanish
- Replace Norwegian flag with Spanish flag in footer
- Remove Hemmelig/terces.cloud links, add cloudhost.es sponsorship
- Rewrite PrivacyPage: zero data collection, ephemeral design emphasis
- Rewrite TermsPage: Spanish law, RGPD, paste.es/CloudHost.es references
- Update PWA manifest, HTML meta tags, package.json branding
- Rename webhook headers to X-Paste-Event / X-Paste-Signature
- Update API docs title and contact to paste.es / cloudhost.es

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-24 09:30:19 +01:00

107 lines
4.3 KiB
Markdown
Raw Blame History

# API Documentation
Hemmelig provides a REST API for programmatic access to secret sharing functionality.
## Interactive Documentation
The API is documented using OpenAPI 3.0 specification with an interactive Swagger UI:
- **Swagger UI:** `/api/docs` - Interactive API explorer
- **OpenAPI Spec:** `/api/openapi.json` - Raw OpenAPI specification
## Authentication
### Session Authentication
For browser-based access, authenticate through the `/auth` endpoints provided by better-auth. Session cookies are automatically managed.
### API Key Authentication
For programmatic access, create an API key in your account settings under the **Developer** tab.
Use the API key as a Bearer token in the `Authorization` header:
```bash
curl -H "Authorization: Bearer hemmelig_your_api_key_here" \
https://your-instance.com/api/secrets
```
**Important:**
- API keys are shown only once upon creation - store them securely
- Maximum 5 API keys per user
- Keys can optionally expire after 30, 90, or 365 days
- Revoke compromised keys immediately from your account settings
For endpoints requiring admin access, the authenticated user must have the `admin` role.
## Quick Reference
### Public Endpoints
| Method | Endpoint | Description |
| ------ | ------------------------------- | ------------------------------------------------- |
| GET | `/api/healthz` | Health check |
| POST | `/api/secrets` | Create a new secret |
| POST | `/api/secrets/:id` | Retrieve a secret (password in body if protected) |
| GET | `/api/secrets/:id/check` | Check if secret exists and requires password |
| POST | `/api/files` | Upload a file |
| GET | `/api/files/:id` | Download a file |
| GET | `/api/instance/settings/public` | Get public instance settings |
| GET | `/api/setup/status` | Check if initial setup is needed |
| POST | `/api/setup/complete` | Complete initial setup |
### Authenticated Endpoints
| Method | Endpoint | Description |
| ------ | ----------------------- | ------------------- |
| GET | `/api/secrets` | List user's secrets |
| DELETE | `/api/secrets/:id` | Delete a secret |
| GET | `/api/account` | Get account info |
| PUT | `/api/account` | Update account info |
| PUT | `/api/account/password` | Update password |
| DELETE | `/api/account` | Delete account |
| GET | `/api/api-keys` | List API keys |
| POST | `/api/api-keys` | Create API key |
| DELETE | `/api/api-keys/:id` | Delete API key |
### Admin Endpoints
| Method | Endpoint | Description |
| ------ | ------------------------------- | ------------------------- |
| GET | `/api/instance/settings` | Get all instance settings |
| PUT | `/api/instance/settings` | Update instance settings |
| GET | `/api/analytics` | Get secret analytics |
| GET | `/api/analytics/visitors/daily` | Get daily visitor stats |
| GET | `/api/invites` | List invite codes |
| POST | `/api/invites` | Create invite code |
| DELETE | `/api/invites/:id` | Deactivate invite code |
| PUT | `/api/user/:id` | Update user |
## Example: Create a Secret
```bash
curl -X POST https://your-instance.com/api/secrets \
-H "Content-Type: application/json" \
-d '{
"secret": "BASE64_ENCRYPTED_CONTENT",
"salt": "ENCRYPTION_SALT",
"expiresAt": 3600,
"views": 1
}'
```
Response:
```json
{
"id": "abc123xyz"
}
```
## Important Notes
- **Client-side encryption:** All secret content should be encrypted client-side before sending to the API. The server only stores encrypted data.
- **Decryption keys:** Never send decryption keys to the server. They should be passed via URL fragments (`#key=...`) which are not transmitted to the server.
- **Rate limiting:** API requests may be rate-limited based on instance settings.
Reference in New Issue View Git Blame Copy Permalink