PastedNow

Authentication

All endpoints work without authentication for basic paste creation and retrieval. To associate pastes with your account, use a Bearer API key.

Generate an API key from your Dashboard → API Keys section. Include it in the Authorization header:

curl -H "Authorization: Bearer pn_YOUR_API_KEY" \\
  https://pastednow.com/api/user

Security: API keys are hashed with SHA-256 before storage — the raw key is shown once on creation. Treat it like a password. You can revoke keys at any time from the dashboard.

Rate Limits

Auth Method	Limit	Window
Anonymous (no key)	`10` requests	per minute
Bearer API Key	`60` requests	per minute
Session (browser)	`30` requests	per minute

When rate limited, the response includes an X-RateLimit-Reset header with the reset timestamp.

POST/api/pastes

Create a new paste. Returns the paste URL and a delete token.

curl -X POST https://pastednow.com/api/pastes \\
  -H "Content-Type: application/json" \\
  -H "Authorization: Bearer pn_YOUR_KEY" \\
  -d '{
    "content": "console.log(\\"hello world\\");",
    "title": "My snippet",
    "language": "javascript",
    "expiresIn": "1d"
  }'

Response 201:

{
  "id": "a1b2c3d4",
  "url": "https://pastednow.com/a1b2c3d4",
  "rawUrl": "https://pastednow.com/api/pastes/a1b2c3d4/raw",
  "deleteToken": "xyz..."
}

GET/api/pastes/:id

Fetch a paste by ID. Use the raw endpoint for plain text output.

# JSON response
curl https://pastednow.com/api/pastes/a1b2c3d4

# Plain text (pipe-friendly)
curl https://pastednow.com/api/pastes/a1b2c3d4/raw

POST/api/pastesencrypted

Create a password-protected paste. Fetch by passing the password as a query parameter.

# Create encrypted paste
curl -X POST https://pastednow.com/api/pastes \\
  -H "Content-Type: application/json" \\
  -d '{"content": "secret data", "password": "mypassword"}'

# Fetch with password
curl "https://pastednow.com/api/pastes/a1b2c3d4/raw?password=mypassword"

DELETE/api/pastes/:id

Delete a paste using the delete token (from creation) or Bearer auth (for your own pastes).

# With delete token (no auth needed)
curl -X DELETE "https://pastednow.com/api/pastes/a1b2c3d4?token=xyz..."

# With Bearer auth (owner only)
curl -X DELETE https://pastednow.com/api/pastes/a1b2c3d4 \\
  -H "Authorization: Bearer pn_YOUR_KEY"

GET/api/userauth required

Returns the authenticated user's profile information.

curl -H "Authorization: Bearer pn_YOUR_KEY" \\
  https://pastednow.com/api/user

Response 200:

{
  "id": "clx...",
  "name": "YourName",
  "email": "you@example.com",
  "role": "USER",
  "xp": 1250,
  "rankTier": "contributor",
  "pasteCount": 42,
  "totalViews": 8190,
  "createdAt": "2025-01-15T..."
}

API Key Management

Manage your API keys programmatically. All key management endpoints require session authentication (browser cookie).

GET/api/keys

List your API keys (prefix, name, usage info — no raw keys).

POST/api/keys

Create a new API key. The raw key is returned once in the response.

curl -X POST https://pastednow.com/api/keys \\
  -H "Content-Type: application/json" \\
  -b "authjs.session-token=YOUR_SESSION" \\
  -d '{"name": "My CLI key"}'

DELETE/api/keys?id=KEY_ID

Revoke an API key by its ID.

Statistics

GET/api/stats

Public platform statistics (total pastes, users, views).

GET/api/stats/chart

14-day daily activity data (views, pastes, new users). Used by the /statistic page.

GET/api/health

Health check endpoint. Returns status and timestamp.

Create Paste Options

Field	Type	Default	Description
`content`	string	`required`	The paste content (max 512 KB)
`title`	string	`""`	Optional title (max 100 chars)
`language`	string	`"auto"`	Language for syntax highlighting
`password`	string	`null`	Encrypt content with this password
`expiresIn`	enum	`"never"`	"1h", "1d", "1w", "never", "burn"
`isPublic`	boolean	`false`	Whether the paste is publicly listed

Error Responses

All errors return a JSON object with an error field:

{ "error": "Rate limit exceeded. Try again later." }