Password Pusher API v2
BETAComprehensive REST API documentation for integrating Password Pusher into your applications
Beta Notice: API v2 is currently in beta. While we've made every effort to ensure stability, there may be breaking changes before the final release. We welcome your feedback!
Requests
Requests enable secure, two-way communication for collecting sensitive information. Create a request with a secret URL, share it with anyone, and receive secure responses containing text or files—all without exposing sensitive data in email, chat, or logs.
Perfect for collecting credentials, API keys, confidential documents, or any sensitive information from colleagues, clients, or customers. Responses are automatically encrypted and auto-delete after a specified duration to minimize data exposure. Full lifecycle tracking is available in the audit logs of each request.
Requests have three states:
POST /api/v2/requests
Creates a new request. Requires authentication.
Request Body (JSON)
{
"request": {
"request": "Please provide your hosting information here.",
"close_after_duration": 8,
"passphrase": "optional_passphrase",
"name": "Database Access Request",
"note": "Internal note",
"retrieval_step": true,
"include_requestor": false,
"response_file_attachments": true
}
}Request Body with Files (multipart/form-data)
curl -X POST https://eu.pwpush.com/api/v2/requests \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-F "request[request]=Please provide your hosting information here." \
-F "request[close_after_duration]=8" \
-F "request[name]=Database Access Request" \
-F "request[files][]=@/path/to/document.pdf" \
-F "request[files][]=@/path/to/spreadsheet.xlsx"
Note: When attaching files, use multipart/form-data format. Multiple files can be attached using request[files][].
Parameters
| Parameter | Type | Description |
|---|---|---|
request
required
|
string | The request text/message to share |
close_after_duration
optional
|
integer (0-17) | Duration enum - when to close the request |
passphrase
optional
|
string | Require recipients to enter this passphrase to view |
name
optional
|
string | A name shown in the dashboard, notifications and emails |
note
optional
|
string | Internal note (only visible to creator) |
retrieval_step
optional
|
boolean | Helps to avoid chat systems and URL scanners from eating up views |
include_requestor
optional
|
boolean | Include requestor information in the request |
response_file_attachments
optional
|
boolean | Allow file attachments in responses |
files
optional
|
array | File(s) to upload and attach to the request |
notify_emails_to
optional
|
string | Email addresses to be notified when a request is created (comma-separated) |
notify_emails_to_locale
optional
|
string | Locale (language) to send email notification(s) in |
account_id
optional
|
integer | The account ID to associate the request with |
Duration Values for close_after_duration
Example Request
curl -X POST https://eu.pwpush.com/api/v2/requests \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"request": {
"request": "Please provide your hosting information here.",
"close_after_duration": 8,
"passphrase": "optional_passphrase",
"name": "Database Access Request"
}
}'require 'net/http'
require 'json'
require 'uri'
uri = URI('https://eu.pwpush.com/api/v2/requests')
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
request = Net::HTTP::Post.new(uri.path)
request['Authorization'] = 'Bearer YOUR_API_TOKEN'
request['Content-Type'] = 'application/json'
request.body = {
request: {
request: 'Please provide your hosting information here.',
close_after_duration: 8,
passphrase: 'optional_passphrase',
name: 'Database Access Request'
}
}.to_json
response = http.request(request)
puts response.bodyimport requests
import json
url = 'https://eu.pwpush.com/api/v2/requests'
headers = {
'Authorization': 'Bearer YOUR_API_TOKEN',
'Content-Type': 'application/json'
}
data = {
'request': {
'request': 'Please provide your hosting information here.',
'close_after_duration': 8,
'passphrase': 'optional_passphrase',
'name': 'Database Access Request'
}
}
response = requests.post(url, headers=headers, json=data)
print(response.json())$headers = @{
'Authorization' = 'Bearer YOUR_API_TOKEN'
'Content-Type' = 'application/json'
}
$body = @{
request = @{
request = 'Please provide your hosting information here.'
close_after_duration = 8
passphrase = 'optional_passphrase'
name = 'Database Access Request'
}
} | ConvertTo-Json -Depth 10
$response = Invoke-RestMethod -Uri 'https://eu.pwpush.com/api/v2/requests' `
-Method Post `
-Headers $headers `
-Body $body
$response | ConvertTo-JsonGET /api/v2/requests/:url_token
Retrieves the content of an open or ready request. This may close the request if it's configured to close after a certain number of views.
Example Request
curl -X GET https://eu.pwpush.com/api/v2/requests/orpw2wkg00vpn0a
Example Request with Passphrase
curl -X GET "https://eu.pwpush.com/api/v2/requests/orpw2wkg00vpn0a?passphrase=your_passphrase"
Example Response (Open Request)
{
"close_after_duration": 8,
"url_token": "orpw2wkg00vpn0a",
"retrieval_step": true,
"passphrase": "optional_passphrase",
"created_at": "2023-10-27T10:00:00.000Z",
"updated_at": "2023-10-27T10:00:00.000Z",
"state": "open",
"include_requestor": false,
"response_file_attachments": true,
"close_after_at": "2023-11-04T10:00:00.000Z",
"days_remaining": 8,
"json_url": "https://eu.pwpush.com/r/orpw2wkg00vpn0a.json",
"html_url": "https://eu.pwpush.com/r/orpw2wkg00vpn0a",
"request": "Please provide your hosting information here.",
"response": null,
"files": []
}Example Response (Ready Request)
{
"close_after_duration": 8,
"url_token": "orpw2wkg00vpn0a",
"retrieval_step": true,
"passphrase": "optional_passphrase",
"created_at": "2023-10-27T10:00:00.000Z",
"updated_at": "2023-10-27T10:00:00.000Z",
"state": "ready",
"include_requestor": false,
"response_file_attachments": true,
"close_after_at": "2023-11-04T10:00:00.000Z",
"days_remaining": 8,
"json_url": "https://eu.pwpush.com/r/orpw2wkg00vpn0a.json",
"html_url": "https://eu.pwpush.com/r/orpw2wkg00vpn0a",
"request": null,
"response": "The API key is: sk_live_1234567890",
"files": []
}
Note: If the request has a passphrase, include it as a query parameter: ?passphrase=your_passphrase. Retrieving a request counts as a view and may close the request if it reaches its view limit.
PATCH /api/v2/requests/:url_token/respond
Responds to an open request, changing its state to 'ready'.
Request Body (JSON)
{
"request": {
"response": "The API key is: sk_live_1234567890"
}
}Request Body with Files (multipart/form-data)
curl -X PATCH https://eu.pwpush.com/api/v2/requests/orpw2wkg00vpn0a/respond \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-F "request[response]=The API key is: sk_live_1234567890" \
-F "request[files][]=@/path/to/response_doc.pdf"
Note: When attaching files, use multipart/form-data format. Multiple files can be attached using request[files][].
Parameters
| Parameter | Type | Description |
|---|---|---|
response
required
|
string | The response text/message to the request |
files
optional
|
array | File(s) to attach to the response (requires response_file_attachments: true on the request) |
Note: Only requests in the "open" state can receive responses. Once a response is submitted, the request moves to the "ready" state and cannot accept additional responses.
GET /api/v2/requests/:url_token/preview
Returns the fully qualified secret URL of a request without retrieving the content.
Example Request
curl -X GET https://eu.pwpush.com/api/v2/requests/orpw2wkg00vpn0a/preview
Example Response
{
"url": "https://eu.pwpush.com/r/orpw2wkg00vpn0a"
}GET /api/v2/requests/:url_token/audit
Returns the audit log for a request. Requires authentication and ownership.
Query Parameters: page (optional): Page number for pagination. Returns up to 50 audit log entries per page.
Example Request
curl -X GET https://eu.pwpush.com/api/v2/requests/orpw2wkg00vpn0a/audit \
-H "Authorization: Bearer YOUR_API_TOKEN"
Example Response
{
"logs": [
{
"ip": "192.168.1.100",
"user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
"referrer": null,
"kind": "creation",
"created_at": "2023-10-27T10:00:00.000Z",
"updated_at": "2023-10-27T10:00:00.000Z"
},
{
"ip": "192.168.1.101",
"user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36",
"referrer": "https://example.com",
"kind": "view",
"created_at": "2023-10-27T10:05:00.000Z",
"updated_at": "2023-10-27T10:05:00.000Z"
},
{
"ip": "192.168.1.102",
"user_agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 14_0 like Mac OS X) AppleWebKit/605.1.15",
"referrer": null,
"kind": "response",
"created_at": "2023-10-27T10:10:00.000Z",
"updated_at": "2023-10-27T10:10:00.000Z"
}
]
}
Note: The kind field indicates the type of action logged. Common values include: creation, view, response, close, failed_passphrase, and failed_view.
DELETE /api/v2/requests/:url_token
Immediately closes a request and permanently deletes all sensitive data associated with it. This action is irreversible and cannot be undone. Requires authentication and ownership.
Example Request
curl -X DELETE https://eu.pwpush.com/api/v2/requests/orpw2wkg00vpn0a \
-H "Authorization: Bearer YOUR_API_TOKEN"
Example Response
{
"close_after_duration": null,
"url_token": "orpw2wkg00vpn0a",
"retrieval_step": false,
"passphrase": null,
"created_at": "2023-10-27T10:00:00.000Z",
"updated_at": "2023-10-27T10:15:00.000Z",
"state": "closed",
"include_requestor": false,
"response_file_attachments": false,
"close_after_at": null,
"days_remaining": null,
"json_url": "https://eu.pwpush.com/r/orpw2wkg00vpn0a.json",
"html_url": "https://eu.pwpush.com/r/orpw2wkg00vpn0a",
"account_id": 1,
"note": null,
"name": null,
"request": null,
"response": null,
"files": []
}GET /api/v2/requests/active
Returns a paginated list of your active (open or ready) requests. Requires authentication.
GET /api/v2/requests/open
Returns a paginated list of your open requests. Requires authentication.
GET /api/v2/requests/ready
Returns a paginated list of your ready requests. Requires authentication.
GET /api/v2/requests/closed
Returns a paginated list of your closed requests. Requires authentication.
Query Parameters: page (optional): Page number for pagination. Returns up to 50 requests per page.
Request States
Open
The request has been created and is waiting for a response. The request text is visible, but no response has been provided yet.
Ready
The request has been responded to and now contains the response payload. The request text is no longer visible, but the response is available for retrieval.
Closed
The request has been handled and all sensitive data (both request and response) has been permanently deleted. This state is irreversible.
Example Request (Active)
curl -X GET https://eu.pwpush.com/api/v2/requests/active \
-H "Authorization: Bearer YOUR_API_TOKEN"
Example Request (Open)
curl -X GET https://eu.pwpush.com/api/v2/requests/open \
-H "Authorization: Bearer YOUR_API_TOKEN"
Example Request (Ready)
curl -X GET https://eu.pwpush.com/api/v2/requests/ready \
-H "Authorization: Bearer YOUR_API_TOKEN"
Example Request (Closed)
curl -X GET https://eu.pwpush.com/api/v2/requests/closed \
-H "Authorization: Bearer YOUR_API_TOKEN"
Example Response
[
{
"close_after_duration": 7,
"url_token": "abc123xyz789",
"retrieval_step": false,
"passphrase": null,
"created_at": "2023-10-27T10:00:00.000Z",
"updated_at": "2023-10-27T10:00:00.000Z",
"state": "open",
"include_requestor": false,
"response_file_attachments": false,
"close_after_at": "2023-11-03T10:00:00.000Z",
"days_remaining": 7,
"json_url": "https://eu.pwpush.com/r/abc123xyz789.json",
"html_url": "https://eu.pwpush.com/r/abc123xyz789",
"account_id": 1,
"note": null,
"name": null
},
{
"close_after_duration": 7,
"url_token": "def456uvw012",
"retrieval_step": false,
"passphrase": null,
"created_at": "2023-10-26T15:30:00.000Z",
"updated_at": "2023-10-27T09:00:00.000Z",
"state": "ready",
"include_requestor": false,
"response_file_attachments": false,
"close_after_at": "2023-11-02T15:30:00.000Z",
"days_remaining": 6,
"json_url": "https://eu.pwpush.com/r/def456uvw012.json",
"html_url": "https://eu.pwpush.com/r/def456uvw012",
"account_id": 1,
"note": null,
"name": null
}
]
Note: The /active endpoint returns requests in both open and ready states. Use /open or /ready endpoints to filter by specific state.
Last updated: December 01, 2025