api

rest, json, versioned at /api/v1. authenticate with a bearer token created at /dashboard/settings.

auth

Authorization: Bearer glp_live_…

endpoints

POST   /api/v1/snippets            create
GET    /api/v1/snippets            list yours
GET    /api/v1/snippets/:slug      fetch one (includes body)
DELETE /api/v1/snippets/:slug      delete
GET    /api/v1/me                  current user

create

curl -X POST https://useglyph.dev/api/v1/snippets \
  -H "Authorization: Bearer $GLYPH_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "fib.ts",
    "language": "typescript",
    "body": "export function fib(n: number) { ... }",
    "visibility": "unlisted",
    "expires_in": "7d"
  }'

response:

{
  "slug": "a7f3k2",
  "url": "https://useglyph.dev/a7f3k2",
  "raw_url": "https://useglyph.dev/a7f3k2/raw",
  "expires_at": "2026-06-04T12:00:00Z",
  "created_at": "2026-05-28T12:00:00Z",
  "language": "typescript",
  "visibility": "unlisted",
  ...
}

fields

• language — one of typescript, javascript, python, rust, go, java, cpp, c, css, html, json, sql, bash, markdown, yaml, toml, plaintext
• visibility — public, unlisted, private
• expires_in — never, 10m, 1h, 1d, 7d, 30d
• burn_after_read — boolean, deletes on first view
• slug — optional custom slug (pro)

rate limits

300 requests per hour per token. responses include retry-after on 429.

encryption

for encrypted snippets, encrypt locally (AES-GCM, 256-bit) before posting and setis_encrypted: true. share the url with a #k=… fragment containing the base64url key — the server can never see it.