Onetime SecretOnetime SecretBonus Content
Rest Api

Retrieving Secrets

Learn how to retrieve secrets using the Onetime Secret REST API.

Overview

Retrieve a Secret

POST https://onetimesecret.com/api/v1/secret/SECRET\_KEY

Query Params

  • SECRET_KEY: the unique key for this secret.
  • passphrase (if required): the passphrase is required only if the secret was created with one.

Attributes

  • secret_key: the unique key for the secret you create. This is key that you can share.
  • value: The actual secret. It should go without saying, but this will only be available one time.

Example:

$ curl -X POST -u 'USERNAME:APITOKEN' https://onetimesecret.com/api/v1/secret/SECRET_KEY

Retrieve Metadata

POST https://onetimesecret.com/api/v1/private/METADATA\_KEY

Every secret also has associated metadata. The metadata is intended to be used by the creator of the secret (i.e. not the recipient) and should generally be kept private. You can safely use the metadata key to retrieve basic information about the secret itself (e.g. if or when it was viewed) since the metadata key is different from the secret key.

Query Params

  • METADATA_KEY: the unique key for this metadata.

Attributes

  • custid: this is you :]
  • metadata_key: the unique key for the metadata. DO NOT share this.
  • secret_key: the unique key for the secret you created. This is key that you can share.
  • ttl: The time-to-live that was specified (i.e. not the time remaining)
  • metadata_ttl: The remaining time (in seconds) that the metadata has left to live.
  • secret_ttl: The remaining time (in seconds) that the secret has left to live.
  • recipient: if a recipient was specified, this is an obfuscated version of the email address.
  • created: Time the metadata was created in unix time (UTC)
  • updated: ditto, but the time it was last updated.
  • received: Time the secret was received.
  • passphrase_required: If a passphrase was provided when the secret was created, this will be true. Otherwise false, obviously.

Example:

$ curl -X POST -u 'USERNAME:APITOKEN' https://onetimesecret.com/api/v1/private/METADATA_KEY

Burn a Secret

POST https://onetimesecret.com/api/v1/private/METADATA\_KEY/burn

Burn a secret that has not been read yet.

Query Params

  • None

Attributes

  • Same as metadata attributes with a status of burned.

Example:

$ curl -X POST -u 'USERNAME:APITOKEN' https://onetimesecret.com/api/v1/private/METADATA_KEY/burn

Retrieve Recent Metadata

GET https://onetimesecret.com/api/v1/private/recent

Retrieve a list of recent metadata.

Query Params

  • None

Attributes

  • Same as metadata attributes, although as a list and the secret key value will always be null.

Example:

$ curl -u 'USERNAME:APITOKEN' https://onetimesecret.com/api/v1/private/recent

Creating Secrets

Learn how to create and retrieve secrets using the Onetime Secret REST API.

Libraries

Explore the client libraries available for the Onetime Secret API, including Ruby, Python, Perl, Java, C#, Go, and more.