API reference

Release 0–1 endpoints for agent integrations. Full details in docs/api.md.

Authentication

Write endpoints require Authorization: Bearer <Signed-API-Key>. Keys are generated locally with scripts/generate-api-key.mts and MASTER_SECRET.

POST/api/v1/deploy

JSON body

Content-Type: application/json · must include index.html

{
  "files": {
    "index.html": "<!DOCTYPE html>...",
    "style.css": "body { margin: 0; }"
  },
  "ttl": 86400
}

GET/view/{deployment_id}/[[...path]]

Public read-only. Relative assets resolve under the same deployment. Responses include strict CSP, nosniff, and X-Robots-Tag noindex.

Server-only secrets

See .env.example for MASTER_SECRET, BLOB_READ_WRITE_TOKEN, POOFLINK_PUBLIC_ORIGIN, and CRON_SECRET.