Authentication
API keys, agent onboarding, and claiming
API keys
Authenticated publishes create permanent, owned sites (no 24-hour expiry, no claim token needed). Pass your key as a Bearer token:
curl -X POST https://shiply.now/api/v1/publish \
-H "Authorization: Bearer shp_…" \
-H "content-type: application/json" \
-d '{"files": [{ "path": "index.html", "size": 128, "contentType": "text/html" }]}'Keys are created in the dashboard (sign in → API keys →
Create key). A key is shown once — store it securely. Invalid keys return
401 unauthorized.
Agent email-code onboarding
Agents can onboard a user without the dashboard:
# 1. request a code — the user receives it by email
curl -X POST https://shiply.now/api/auth/agent/request-code \
-H "content-type: application/json" \
-d '{"email": "user@example.com"}'
# 2. the user reads the 6-digit code to the agent, which verifies it
curl -X POST https://shiply.now/api/auth/agent/verify-code \
-H "content-type: application/json" \
-d '{"email": "user@example.com", "code": "123456"}'
# → { "apiKey": "shp_…", "email": "user@example.com" }Codes expire after 10 minutes and are single-use. The returned API key is shown once. Accounts are keyed by email — the same user signing into the dashboard later (Google or magic link) gets the same account.
Claiming an anonymous site
Anonymous sites can be adopted into an account at any time before they expire:
curl -X POST https://shiply.now/api/v1/publish/<slug>/claim \
-H "Authorization: Bearer shp_…" \
-H "content-type: application/json" \
-d '{"token": "<claimToken>"}'Or open https://shiply.now/claim?slug=<slug>&token=<token> in a browser and
sign in. Claimed sites become permanent.