Complete JSON API documentation for creating, retrieving and managing pushes in the open-source edition.
Authenticate requests with a Bearer token in the Authorization header.
Create an API token in your account settings at /users/token.
Authorization: Bearer YOUR_API_TOKEN
GET /api/v2/version, GET /api/v2/pushes/:url_token, GET /api/v2/pushes/:url_token/previewGET /api/v2/pushes/:url_token/audit, GET /api/v2/pushes/active, GET /api/v2/pushes/expiredAll endpoints are relative to your installation host:
https://oss.pwpush.com/api/v2
GET /api/v2/version
Returns API version, application details, and a features hash describing which capabilities are enabled on this instance.
cURL example:
curl -X GET https://oss.pwpush.com/api/v2/version
{
"application_version": "2.9.3",
"api_version": "2.1",
"edition": "oss",
"features": {
"anonymous_access": true,
"api_token_authentication": true,
"accounts": {
"enabled": false
},
"pushes": {
"enabled": true,
"email_auto_dispatch": false,
"file_attachments": {
"enabled": false,
"requires_authentication": true
},
"url_pushes": {
"enabled": true
},
"qr_code_pushes": {
"enabled": true
}
},
"requests": {
"enabled": false
}
}
}
POST /api/v2/pushesCreate a new push.
Body format: { "push": { ... } }
| Parameter | Type | Required | Description |
|---|---|---|---|
payload | string | Yes | Secret text payload for text, URL or QR pushes. |
files | array | No | Files to attach. When present, the push type becomes file unless kind is explicitly provided. |
kind | string | No | Push type: text, file, url, or qr. Defaults to text when not provided. |
expire_after_days | integer | No | Expiration window in days. If omitted, instance defaults are used. |
expire_after_views | integer | No | Maximum allowed retrieval count. If omitted, instance defaults are used. |
deletable_by_viewer | boolean | No | Allows the recipient to expire the push. |
retrieval_step | boolean | No | Adds an extra retrieval confirmation step. |
passphrase | string | No | Requires this passphrase to retrieve the payload. |
name | string | No | Optional label shown to the owner. |
note | string | No | Optional owner-only note. |
notify_emails_to | string | No | Optional recipients for the push creation email. Comma-separated list of email addresses. Maximum 5 emails. Requires authentication when provided. |
notify_emails_to_locale | string | No | Optional locale for the push creation email. See the list of available locales in the Supported Locales section. Defaults to en. |
{
"push": {
"payload": "my-secret",
"expire_after_days": 1,
"expire_after_views": 5,
"passphrase": "optional-passphrase",
"deletable_by_viewer": true,
"retrieval_step": true,
"notify_emails_to": "email1@example.com, email2@example.com",
"notify_emails_to_locale": "fr"
}
}
cURL example (JSON body):
curl -X POST https://oss.pwpush.com/api/v2/pushes \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"push": {
"payload": "my-secret",
"expire_after_days": 1,
"expire_after_views": 5
}
}'
GET /api/v2/pushes/:url_tokenRetrieve a push payload by token. This counts as a view and may expire the push when limits are reached.
Query parameters: passphrase (optional, required when the push is passphrase-protected)
cURL example:
curl -X GET https://oss.pwpush.com/api/v2/pushes/YOUR_URL_TOKEN
GET /api/v2/pushes/:url_token/previewReturns the fully-qualified secret URL for a push without retrieving its payload.
cURL example:
curl -X GET https://oss.pwpush.com/api/v2/pushes/YOUR_URL_TOKEN/preview
GET /api/v2/pushes/:url_token/auditReturn audit log entries for a push. Authentication and ownership are required.
Query parameters: page (optional, integer, default 1, valid range 1 to 200)
cURL example:
curl -X GET "https://oss.pwpush.com/api/v2/pushes/YOUR_URL_TOKEN/audit?page=1" \
-H "Authorization: Bearer YOUR_API_TOKEN"
DELETE /api/v2/pushes/:url_tokenExpire a push immediately. Allowed for owners (when authenticated) or for recipients when the push was created with deletable_by_viewer enabled.
cURL example:
curl -X DELETE https://oss.pwpush.com/api/v2/pushes/YOUR_URL_TOKEN \
-H "Authorization: Bearer YOUR_API_TOKEN"
GET /api/v2/pushes/activeList active pushes for the authenticated user.
Query parameters: page (optional, integer, default 1, valid range 1 to 200)
cURL example:
curl -X GET "https://oss.pwpush.com/api/v2/pushes/active?page=1" \
-H "Authorization: Bearer YOUR_API_TOKEN"
GET /api/v2/pushes/expiredList expired pushes for the authenticated user.
Query parameters: page (optional, integer, default 1, valid range 1 to 200)
cURL example:
curl -X GET "https://oss.pwpush.com/api/v2/pushes/expired?page=1" \
-H "Authorization: Bearer YOUR_API_TOKEN"
POST /api/v2/pushes/:url_token/notify_emailsSend an email to notify the push creation to the specified recipients.
Authentication and ownership are required. Only the push owner may send email notifications.
This endpoint is only available when email auto-dispatch is enabled and SMTP is configured. When disabled, the route is not registered and requests return 404 Not Found.
Body format: { "notify_emails_to": "...", "notify_emails_to_locale": "..." }
| Parameter | Type | Required | Description |
|---|---|---|---|
notify_emails_to | string | Yes | Comma-separated list of email addresses. Maximum 5 emails. |
notify_emails_to_locale | string | No | Locale for the email notification. See the list of available locales in the Supported Locales section. Defaults to en. |
cURL example:
curl -X POST "https://oss.pwpush.com/api/v2/pushes/YOUR_URL_TOKEN/notify_emails" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"notify_emails_to": "email1@example.com, email2@example.com",
"notify_emails_to_locale": "fr"
}'
Success response (201):
{
"message": "Recipient(s) are added to the queue to be sent."
}
Validation error response (422):
Field-level errors are returned as a JSON object keyed by parameter name:
{
"notify_emails_to": ["are not available"],
"notify_emails_to_locale": ["is not available"]
}
The following locales are supported for API requests that accept a locale parameter:
| Locale Code | Language |
|---|---|
ca |
Català |
cs |
Čeština |
cy |
Cymraeg |
da |
Dansk |
de |
Deutsch |
en |
English |
en-GB |
English (UK) |
es |
Español |
eu |
Euskara |
fi |
Suomi |
fr |
Français |
ga |
Gaeilge |
hi |
हिन्दी |
hu |
Magyar |
id |
Indonesian |
is |
Íslenska |
it |
Italiano |
ja |
日本語 |
ko |
한국어 |
lv |
Latviski |
nl |
Nederlands |
no |
Norsk |
pl |
Polski |
pt-BR |
Português |
pt-PT |
Português |
ro |
Română |
ru |
Русский |
sk |
Slovenský |
sr |
Српски |
sv |
Svenska |
th |
ไทย |
uk |
Українська |
ur |
اردو |
zh-CN |
中文 |
200 - Successful request201 - Push created or email notification queued400 - Invalid request parameters401 - Authentication required or invalid token403 - Forbidden for current user404 - Resource not found (includes unavailable notify_emails route when email auto-dispatch is disabled)422 - Validation error429 - Too many email notification requests (notify_emails endpoint only)For legacy API v1 documentation, see /api.