API Reference¶
All endpoints accept and return raw text or JSON. No authentication required for public pastes.
Create Paste¶
Headers¶
| Header | Required | Description |
|---|---|---|
X-Slug |
No | Custom slug (random if not provided) |
X-Private |
No | Set to true for private paste |
X-Lang |
No | Language for syntax highlighting |
Body¶
Raw text content of the paste.
Response: 201 Created¶
For private pastes:
Response: 409 Conflict¶
Response: 403 Forbidden¶
Returned when X-Private: true is sent but the server has no PRIVATE_USER/PRIVATE_PASS configured.
Examples¶
# Create paste
curl -X POST https://paste.semi.sh/api/paste -d "hello world"
# With custom slug
curl -X POST https://paste.semi.sh/api/paste \
-H "X-Slug: mycode" \
-d "content here"
# Private paste
curl -X POST https://paste.semi.sh/api/paste \
-H "X-Private: true" \
-H "X-Lang: go" \
-d "package main"
# From file
curl -X POST https://paste.semi.sh/api/paste \
-H "X-Slug: deploy" \
-H "X-Lang: bash" \
--data-binary @deploy.sh
Overwrite Paste¶
Replaces the content of an existing paste. For private pastes, requires Basic Auth.
Response: 200 OK¶
Response: 401 Unauthorized¶
Examples¶
# Overwrite public paste
curl -X PUT https://paste.semi.sh/api/paste/mycode -d "updated content"
# Overwrite private paste (requires auth)
curl -X PUT -u admin:secret https://paste.semi.sh/api/paste/secrets -d "new secrets"
Get Public Paste¶
Browser (HTML)¶
Returns an HTML page with syntax highlighting (dark theme). The User-Agent header is checked to determine if the request is from a browser.
curl / tools (raw text)¶
Returns raw text with Content-Type: text/plain.
Force raw text¶
Always returns raw text regardless of User-Agent.
Response: 200 OK¶
Browser: Content-Type: text/html
curl: Content-Type: text/plain; charset=utf-8
Response: 404 Not Found¶
Paste does not exist or is private.
Examples¶
# Browser: HTML with syntax highlighting
curl -s https://paste.semi.sh/abc123 | head
# Force raw text
curl -s https://paste.semi.sh/abc123?raw=1
Get Private Paste¶
Returns HTML with syntax highlighting for browsers, raw text for curl/tools. Requires HTTP Basic Auth.
Browser (HTML)¶
Returns an HTML page with syntax highlighting (dark theme). The User-Agent header is checked to determine if the request is from a browser.
curl / tools (raw text)¶
Returns raw text with Content-Type: text/plain.
Force raw text¶
Always returns raw text regardless of User-Agent.
Response: 200 OK¶
Browser: Content-Type: text/html
curl: Content-Type: text/plain; charset=utf-8
Response: 401 Unauthorized¶
Examples¶
# Browser: HTML with syntax highlighting (prompts for credentials)
curl -u admin:secret https://paste.semi.sh/private/secrets
# Force raw text
curl -u admin:secret https://paste.semi.sh/private/secrets?raw=1
Health Check¶
Response: 200 OK¶
Examples¶
Landing Page¶
Returns a minimal HTML page with usage instructions and a link to the source repository.
Error Responses¶
All errors return JSON with an error field:
| Status | Error | Cause |
|---|---|---|
| 400 | invalid_slug |
Slug contains invalid characters or is reserved |
| 403 | private_auth_not_configured |
Private paste requested but server has no auth |
| 404 | (empty) | Paste not found |
| 409 | slug_exists |
Slug already in use in the same scope (public or private) |
| 413 | (empty) | Paste exceeds 10 MB limit |
| 500 | (empty) | Server error |
Slug Validation¶
Slugs must:
- Be 1-64 characters long
- Contain only
[a-zA-Z0-9_-] - Not be a reserved word:
private,api,health - Not contain path traversal sequences (
..,/,\)