Ephemera

API Documentation

Public Endpoints (no auth required)

POST /api/v1/secrets

Create a new secret.

{
  "content": "my secret",
  "password": "optional",
  "ttl": "24h",         // 1h, 24h, 7d, 30d
  "max_views": 1,       // 1-100
  "client_encrypted": false
}
GET /api/v1/secrets/:id

Read a secret. Decrements view count. Destroys if max views reached.

POST /api/v1/secrets/:id

Read a password-protected secret.

{ "password": "your-password" }
GET /api/v1/secrets/:id/meta

Check secret status without revealing it.

DELETE /api/v1/secrets/:id

Destroy a secret. Requires X-Delete-Token header.

Authenticated Endpoints

Requires X-API-Key: eph_... header. Create an account to get API keys.

POST /api/v1/auth/register

Create an account.

POST /api/v1/auth/login

Get a JWT token.

POST /api/v1/auth/api-keys

Generate an API key. Requires Bearer token.

Rate Limits

  • Anonymous: 10 requests/minute
  • Authenticated: 100 requests/minute