Password Pusher
Go Ahead. Email Another Password.
Complete JSON API documentation for creating, retrieving and managing pushes in the open-source edition.
Authenticate requests with a Bearer token in the Authorization header.
Create an API token in your account settings at /users/token.
Authorization: Bearer YOUR_API_TOKENGET /api/v2/version, GET /api/v2/pushes/:url_token, GET /api/v2/pushes/:url_token/previewGET /api/v2/pushes/:url_token/audit, GET /api/v2/pushes/active, GET /api/v2/pushes/expiredAll endpoints are relative to your installation host:
https://secure.hardinlab.com/api/v2GET /api/v2/version
Returns API and application version details.
cURL example:
curl -X GET https://secure.hardinlab.com/api/v2/version{
"application_version": "2.4.0",
"api_version": "2.0",
"edition": "oss"
}POST /api/v2/pushesCreate a new push.
Body format: { "push": { ... } }
| Parameter | Type | Required | Description |
|---|---|---|---|
payload | string | Yes | Secret text payload for text, URL or QR pushes. |
files | array | No | Files to attach. When present, the push type becomes file unless kind is explicitly provided. |
kind | string | No | Push type: text, file, url, or qr. Defaults to text when not provided. |
expire_after_days | integer | No | Expiration window in days. If omitted, instance defaults are used. |
expire_after_views | integer | No | Maximum allowed retrieval count. If omitted, instance defaults are used. |
deletable_by_viewer | boolean | No | Allows the recipient to expire the push. |
retrieval_step | boolean | No | Adds an extra retrieval confirmation step. |
passphrase | string | No | Requires this passphrase to retrieve the payload. |
name | string | No | Optional label shown to the owner. |
note | string | No | Optional owner-only note. |
{
"push": {
"payload": "my-secret",
"expire_after_days": 1,
"expire_after_views": 5,
"passphrase": "optional-passphrase",
"deletable_by_viewer": true,
"retrieval_step": true
}
}cURL example (JSON body):
curl -X POST https://secure.hardinlab.com/api/v2/pushes \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"push": {
"payload": "my-secret",
"expire_after_days": 1,
"expire_after_views": 5
}
}'GET /api/v2/pushes/:url_tokenRetrieve a push payload by token. This counts as a view and may expire the push when limits are reached.
Query parameters: passphrase (optional, required when the push is passphrase-protected)
cURL example:
curl -X GET https://secure.hardinlab.com/api/v2/pushes/YOUR_URL_TOKENGET /api/v2/pushes/:url_token/previewReturns the fully-qualified secret URL for a push without retrieving its payload.
cURL example:
curl -X GET https://secure.hardinlab.com/api/v2/pushes/YOUR_URL_TOKEN/previewGET /api/v2/pushes/:url_token/auditReturn audit log entries for a push. Authentication and ownership are required.
Query parameters: page (optional, integer, default 1, valid range 1 to 200)
cURL example:
curl -X GET "https://secure.hardinlab.com/api/v2/pushes/YOUR_URL_TOKEN/audit?page=1" \
-H "Authorization: Bearer YOUR_API_TOKEN"DELETE /api/v2/pushes/:url_tokenExpire a push immediately. Allowed for owners (when authenticated) or for recipients when the push was created with deletable_by_viewer enabled.
cURL example:
curl -X DELETE https://secure.hardinlab.com/api/v2/pushes/YOUR_URL_TOKEN \
-H "Authorization: Bearer YOUR_API_TOKEN"GET /api/v2/pushes/activeList active pushes for the authenticated user.
Query parameters: page (optional, integer, default 1, valid range 1 to 200)
cURL example:
curl -X GET "https://secure.hardinlab.com/api/v2/pushes/active?page=1" \
-H "Authorization: Bearer YOUR_API_TOKEN"GET /api/v2/pushes/expiredList expired pushes for the authenticated user.
Query parameters: page (optional, integer, default 1, valid range 1 to 200)
cURL example:
curl -X GET "https://secure.hardinlab.com/api/v2/pushes/expired?page=1" \
-H "Authorization: Bearer YOUR_API_TOKEN"200 - Successful request201 - Push created400 - Invalid request parameters401 - Authentication required or invalid token403 - Forbidden for current user404 - Resource not found422 - Validation errorFor legacy API v1 documentation, see /api.