noro/Docs
noro

API

Endpoints

complete reference for all API endpoints.

Base URL

https://noro.sh/api/v1

GET /health

check API and database health status.

response

{
  "status": "healthy",
  "redis": "connected",
  "latency": 42,
  "timestamp": 1706000000000
}

GET /keys

get your API key info. requires authentication.

request headers

Authorization: Bearer noro_...

response

{
  "hint": "noro_****ab12",
  "webhook": "https://example.com/webhook",
  "created": 1706000000000,
  "expires": 1714000000000
}

POST /keys

generate a new API key. keys expire after 90 days.

request body

{
  "webhook": "https://example.com/webhook"  // optional
}

response

{
  "key": "noro_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6",
  "expires": 1714000000000
}

PATCH /keys

update your API key settings. requires authentication.

request headers

Authorization: Bearer noro_...

request body

{
  "webhook": "https://new-url.com/webhook"  // set to "" to remove
}

response

{
  "updated": true
}

DELETE /keys

revoke your API key. requires authentication.

request headers

Authorization: Bearer noro_...

response

{
  "deleted": true
}

POST /secrets

create a new secret. requires authentication.

request headers

Authorization: Bearer noro_...
Content-Type: application/json

request body

{
  "data": "base64_encrypted_data",  // required
  "ttl": "1d",                      // optional: 1h, 6h, 12h, 1d, 7d
  "type": "text",                   // optional: text, file
  "filename": "secret.txt",         // optional: for files
  "mimetype": "text/plain",         // optional: for files
  "views": 1                        // optional: 1-5
}

response

{
  "id": "abc123",
  "url": "https://noro.sh/abc123"
}

GET /secrets/:id

claim a secret and retrieve its data. requires authentication.

request headers

Authorization: Bearer noro_...

response

{
  "data": "base64_encrypted_data",
  "type": "text",
  "filename": null,
  "mimetype": null,
  "remaining": 0
}

errors

  • 404 secret not found or already claimed

DELETE /secrets/:id

revoke a secret before it's claimed. requires authentication.

request headers

Authorization: Bearer noro_...

response

{
  "deleted": true
}

errors

  • 404 secret not found

Error responses

all errors return a JSON object with an error field:

{
  "error": "error message"
}

status codes

  • 400 bad request
  • 401 unauthorized
  • 404 not found
  • 413 payload too large (5MB max)
  • 429 rate limited
  • 500 server error