Automate pastes, folders, and protected links.
The REST API is scoped to account-owned data through API keys. Public and unlisted pastes can be read by ID, while writes require an account API key.
Authentication
Create an API key in the dashboard and send it as a Bearer token. API keys use the `wk_live_` prefix and are stored as hashes server-side.
Base URL
All versioned API requests use this base URL:
List account pastes
Returns pastes owned by the API key user, sorted by creation date.
Create a paste
Send either `content` for a single paste or `files[]` for a multi-file paste. The total stored content is limited to 1MB.
Single paste content. Use this or files[].
Optional filename for multi-file pastes.
Language id: typescript, javascript, python, markdown, shell, and more.
Required file content.
Optional title. Max 200 characters.
public, unlisted, protected, or private.
Required by clients when visibility is protected.
Optional expiration timestamp.
Deletes the paste after the first successful read.
Read a paste
Reads public, unlisted, or protected pastes by short ID. Private pastes are not readable through this endpoint.
Delete a paste
Deletes a paste only when it belongs to the API key owner.
Folder API
Folder endpoints are account-scoped and always require the Bearer API key.
Errors
| Code | Meaning |
|---|---|
| 400 | Invalid JSON or validation failed. |
| 401 | Missing, malformed, or invalid API key. |
| 403 | Protected/private access denied. |
| 404 | Paste or owned resource not found. |
| 500 | Unexpected server error. |