Complete JSON API documentation for creating, retrieving and managing pushes in the open-source edition.
Authenticate requests with a Bearer token in the Authorization header.
Create an API token in your account settings at /users/token.
Authorization: Bearer YOUR_API_TOKEN
GET /api/v2/version, GET /api/v2/pushes/:url_token, GET /api/v2/pushes/:url_token/previewGET /api/v2/pushes/:url_token/audit, GET /api/v2/pushes/active, GET /api/v2/pushes/expiredAll endpoints are relative to your installation host:
https://pwpush.involas.cloud/api/v2
GET /api/v2/version
Returns API version, application details, and a features hash describing which capabilities are enabled on this instance.
cURL example:
curl -X GET https://pwpush.involas.cloud/api/v2/version
{
"application_version": "2.9.0",
"api_version": "2.1",
"edition": "oss",
"features": {
"anonymous_access": false,
"api_token_authentication": true,
"accounts": {
"enabled": false
},
"pushes": {
"enabled": true,
"email_auto_dispatch": false,
"file_attachments": {
"enabled": true,
"requires_authentication": true
},
"url_pushes": {
"enabled": true
},
"qr_code_pushes": {
"enabled": true
}
},
"requests": {
"enabled": false
}
}
}
POST /api/v2/pushesCreate a new push.
Body format: { "push": { ... } }
| Parameter | Type | Required | Description |
|---|---|---|---|
payload | string | Yes | Secret text payload for text, URL or QR pushes. |
files | array | No | Files to attach. When present, the push type becomes file unless kind is explicitly provided. |
kind | string | No | Push type: text, file, url, or qr. Defaults to text when not provided. |
expire_after_days | integer | No | Expiration window in days. If omitted, instance defaults are used. |
expire_after_views | integer | No | Maximum allowed retrieval count. If omitted, instance defaults are used. |
deletable_by_viewer | boolean | No | Allows the recipient to expire the push. |
retrieval_step | boolean | No | Adds an extra retrieval confirmation step. |
passphrase | string | No | Requires this passphrase to retrieve the payload. |
name | string | No | Optional label shown to the owner. |
note | string | No | Optional owner-only note. |
notify_by_email | object | No | Optional recipients for the push creation email. |
notify_by_email.recipients | string | No | Optional recipients for the push creation email. Comma-separated list of email addresses. Maximum 5 emails. |
notify_by_email.locale | string | No | Optional locale for the push creation email. See the list of available locales in the Supported Locales section. Defaults to en. |
{
"push": {
"payload": "my-secret",
"expire_after_days": 1,
"expire_after_views": 5,
"passphrase": "optional-passphrase",
"deletable_by_viewer": true,
"retrieval_step": true,
"notify_by_email": {
"recipients": "email1@example.com, email2@example.com",
"locale": "fr"
}
}
}
cURL example (JSON body):
curl -X POST https://pwpush.involas.cloud/api/v2/pushes \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"push": {
"payload": "my-secret",
"expire_after_days": 1,
"expire_after_views": 5
}
}'
GET /api/v2/pushes/:url_tokenRetrieve a push payload by token. This counts as a view and may expire the push when limits are reached.
Query parameters: passphrase (optional, required when the push is passphrase-protected)
cURL example:
curl -X GET https://pwpush.involas.cloud/api/v2/pushes/YOUR_URL_TOKEN
GET /api/v2/pushes/:url_token/previewReturns the fully-qualified secret URL for a push without retrieving its payload.
cURL example:
curl -X GET https://pwpush.involas.cloud/api/v2/pushes/YOUR_URL_TOKEN/preview
GET /api/v2/pushes/:url_token/auditReturn audit log entries for a push. Authentication and ownership are required.
Query parameters: page (optional, integer, default 1, valid range 1 to 200)
cURL example:
curl -X GET "https://pwpush.involas.cloud/api/v2/pushes/YOUR_URL_TOKEN/audit?page=1" \
-H "Authorization: Bearer YOUR_API_TOKEN"
DELETE /api/v2/pushes/:url_tokenExpire a push immediately. Allowed for owners (when authenticated) or for recipients when the push was created with deletable_by_viewer enabled.
cURL example:
curl -X DELETE https://pwpush.involas.cloud/api/v2/pushes/YOUR_URL_TOKEN \
-H "Authorization: Bearer YOUR_API_TOKEN"
GET /api/v2/pushes/activeList active pushes for the authenticated user.
Query parameters: page (optional, integer, default 1, valid range 1 to 200)
cURL example:
curl -X GET "https://pwpush.involas.cloud/api/v2/pushes/active?page=1" \
-H "Authorization: Bearer YOUR_API_TOKEN"
GET /api/v2/pushes/expiredList expired pushes for the authenticated user.
Query parameters: page (optional, integer, default 1, valid range 1 to 200)
cURL example:
curl -X GET "https://pwpush.involas.cloud/api/v2/pushes/expired?page=1" \
-H "Authorization: Bearer YOUR_API_TOKEN"
POST /api/v2/pushes/:url_token/notify_by_emailSend an email to notify the push creation to the specified recipients.
| Parameter | Type | Required | Description |
|---|---|---|---|
recipients | string | Yes | Comma-separated list of email addresses. Maximum 5 emails. |
locale | string | No | Locale for the email notification. See the list of available locales in the Supported Locales section. Defaults to en. |
cURL example:
curl -X POST "https://pwpush.involas.cloud/api/v2/pushes/YOUR_URL_TOKEN/notify_by_email" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"recipients": "email1@example.com, email2@example.com",
"locale": "fr"
}'
The following locales are supported for API requests that accept a locale parameter:
| Locale Code | Language |
|---|---|
ca |
Català |
cs |
Čeština |
cy |
Cymraeg |
da |
Dansk |
de |
Deutsch |
en |
English |
en-GB |
English (UK) |
es |
Español |
eu |
Euskara |
fi |
Suomi |
fr |
Français |
ga |
Gaeilge |
hi |
हिन्दी |
hu |
Magyar |
id |
Indonesian |
is |
Íslenska |
it |
Italiano |
ja |
日本語 |
ko |
한국어 |
lv |
Latviski |
nl |
Nederlands |
no |
Norsk |
pl |
Polski |
pt-BR |
Português |
pt-PT |
Português |
ro |
Română |
ru |
Русский |
sk |
Slovenský |
sr |
Српски |
sv |
Svenska |
th |
ไทย |
uk |
Українська |
ur |
اردو |
zh-CN |
中文 |
200 - Successful request201 - Push created400 - Invalid request parameters401 - Authentication required or invalid token403 - Forbidden for current user404 - Resource not found422 - Validation errorFor legacy API v1 documentation, see /api.