PasteWizard API

JSON API to create, read, update and delete pastes using API tokens.

Base URL: https://pastebox.in/api/v1/

Auth: Bearer YOUR_API_TOKEN

On this page

Auth header

Authorization: Bearer YOUR_API_TOKEN

Fallback query param

?token=YOUR_API_TOKEN

1. Overview

All endpoints live under: https://pastebox.in/api/v1/

Responses are JSON unless otherwise noted (the raw endpoint is plain text).

Authentication

Every request must include a valid API token. You can manage your tokens on /api_keys.php (“My API Keys”).

Send the token in one of these ways:

  • Recommended (Bearer header)
    Authorization: Bearer YOUR_API_TOKEN
  • Fallback parameter
    ?token=YOUR_API_TOKEN or form field token

Scopes

Each token has one or more scopes:

  • read – view / read pastes
  • write – create, edit, delete pastes
  • admin – full access (wildcard, passes all checks)

Rate limiting

Per-token rate limit is controlled by rate_limit_per_minute.

  • 0 = unlimited
  • Otherwise, hitting the limit returns HTTP 429:
{
  "ok": false,
  "error": "Rate limit exceeded",
  "limit_per_minute": 60
}

Standard JSON format

Success:

{
  "ok": true,
  "data": { ... }  // or "paste", "hash", etc.
}

Error:

{
  "ok": false,
  "error": "Human readable error message"
}

2. Endpoints

2.1 Get a paste (JSON) GET scope: read

Endpoint:
GET https://pastebox.in/api/v1/paste.php?hash={HASH}

Scopes required: read

Example cURL

curl -X GET \
  "https://pastebox.in/api/v1/paste.php?hash=Ab3Xy9" \
  -H "Authorization: Bearer YOUR_API_TOKEN"

Example response

{
  "ok": true,
  "paste": {
    "hash": "Ab3Xy9",
    "title": "Example paste",
    "content": "echo "Hello";",
    "language": "php",
    "privacy": "public",
    "burn_after_read": 0,
    "short_url": "https://pastebox.in/s/XYZ123",
    "created_at": "2025-01-01 12:34:56",
    "expire_at": null,
    "view_count": 42,
    "owner": {
      "id": 123,
      "display_name": "John Doe"
    }
  }
}

If the paste is private and not owned by the token user, expired, or already burned, the API returns "ok": false with an error message.

2.2 Raw paste text GET scope: read

Endpoint:
GET https://pastebox.in/api/v1/raw.php?hash={HASH}

This returns the paste content as text/plain (no JSON). Only public / accessible pastes are returned.

Example cURL

curl -X GET \
  "https://pastebox.in/api/v1/raw.php?hash=Ab3Xy9&token=YOUR_API_TOKEN"

2.3 Create a paste POST scope: write

Endpoint:
POST https://pastebox.in/api/v1/paste_create.php

Scopes required: write

Content types

  • application/json
  • application/x-www-form-urlencoded

Fields

  • title (string, optional)
  • content (string, required)
  • language (string, optional – e.g. php, javascript, markdown, auto)
  • privacy (public|unlisted|private, default public)
  • expiry (never|10m|1h|1d|1w|1m, default never)
  • password (string, optional – protects the paste)
  • highlight (0|1, default 1 – if 0, stored as plain text)
  • burn_after_read (0|1, optional – one-time view paste)

Example cURL (JSON)

curl -X POST \
  "https://pastebox.in/api/v1/paste_create.php" \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "API created paste",
    "content": "console.log(\"Hello from API\");",
    "language": "javascript",
    "privacy": "unlisted",
    "expiry": "1h",
    "burn_after_read": 0
  }'

Example response

{
  "ok": true,
  "hash": "VkT1z5b8",
  "url": "https://pastebox.in/p/VkT1z5b8",
  "short_url": "https://pastebox.in/s/GYgDPw"
}

2.4 Edit a paste POST scope: write

Endpoint:
POST https://pastebox.in/api/v1/paste_edit.php

Scopes required: write

The token’s user must be the owner of the paste (or have admin scope).

Fields

  • hash (string, required)
  • title (string, optional – empty string to clear)
  • content (string, optional)
  • language (string, optional – auto allowed to re-detect)
  • privacy (public|unlisted|private, optional)
  • expiry (keep|never|10m|1h|1d|1w|1m, optional)
  • password (string, optional – set new password)
  • clear_password (0|1, optional – wipe existing password)

Example cURL

curl -X POST \
  "https://pastebox.in/api/v1/paste_edit.php" \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "hash=VkT1z5b8&title=Updated title from API&expiry=1d"

Example response

{
  "ok": true,
  "hash": "VkT1z5b8",
  "url": "https://pastebox.in/p/VkT1z5b8"
}

2.5 Delete a paste POST scope: write/admin

Endpoint:
POST https://pastebox.in/api/v1/paste_delete.php

Scopes required: write (or admin)

Fields

  • hash (string, required)

Example cURL

curl -X POST \
  "https://pastebox.in/api/v1/paste_delete.php" \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "hash=VkT1z5b8"

Example response

{
  "ok": true,
  "deleted": true
}

3. Burn After Read

Creating a paste with burn_after_read = 1 makes it a one-time view paste:

  • First access shows a warning page (“Burn After Read paste”).
  • On confirmation, the content is shown.
  • After that view, the paste is wiped and marked as burned.
  • Subsequent API calls will return an error saying it was already burned.

5. API Logs

Every authenticated API request is logged (token, user, endpoint, status, IP, time). Admins can browse the logs in Admin → API Logs.

6. Quick Start

  1. Log in to your account.
  2. Go to My API Keys (/api_keys.php).
  3. Create a new token, copy it and keep it secret.
  4. Optionally, as admin, edit scopes and rate limits in Admin → API Tokens.
  5. Use the cURL examples above with your token.