Authentication
API keys, Bearer tokens, and access requirements for the HTMLDrop REST API.
Last updated June 2, 2026
Requirements
- A signed-in HTMLDrop account
- An API key created in Settings
Guest/anonymous sessions cannot create API keys.
Creating a key
- Sign in and open Settings
- Under API access, enter a key name and click Create key
- Copy the secret immediately — it is shown once
Keys are stored as SHA-256 hashes. HTMLDrop cannot recover a lost secret; revoke and create a new key instead.
Using a key
Send the key in the Authorization header:
curl -X POST https://htmldrop.in/api/v1/pages \
-H "Authorization: Bearer hd_live_YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{"html":"<h1>Hello</h1>"}'
Session auth
The same v1 routes accept Supabase session cookies when called from a logged-in browser session. Prefer API keys for server-side automation.
Access during early access
All signed-in users can create keys and call v1 endpoints today. When ENFORCE_PLANS is enabled, API key access will require Pro.