API v1
REST API for programmatic paste creation and management. All endpoints return JSON. Authentication via X-API-Key header.
Authentication
Register to get an API key: POST /api/v1/account/register
Include in requests: X-API-Key: np_xxxxxxxxxxxx
Endpoints
Create a new paste. Content must be base64-encoded ciphertext (client-side encrypted with AES-256-GCM). The encryption key is returned once. Save it.
Get paste metadata (no content or keys). Returns syntax, expiry, view count, size.
Download the raw encrypted paste blob. Returns application/octet-stream.
Delete a paste. Requires X-Delete-Token header or ?delete_token= query parameter.
Create an anonymous account. Returns an API key. No email or personal data required.
Get account status: subscription tier, paste usage, API request count. Requires X-API-Key.
Create a payment invoice for premium subscription. Returns a Monero subaddress and QR code. Requires X-API-Key.
Check payment status. Returns confirmations count and completion status. Requires X-API-Key.
Rate Limits
| Tier | Limit |
|---|---|
| Free | 20 pastes/hour |
| Premium | Unlimited |
Encryption
NoirPaste uses AES-256-GCM client-side encryption. The server never sees plaintext.
The decryption key is embedded in the URL fragment (#key=...). Fragments are never transmitted in HTTP requests.
For the API: the key is returned once in the creation response. Store it securely.
For the CLI: noirpaste create --encrypt file.txt handles everything automatically.