API v1
Team API reference for encrypted handoffs and request links.
Authentication
API v1 uses scoped Team API keys. Human account tokens and API keys are separate. The API key is shown once when created and should be stored in a secret manager.
Authorization: Bearer shhhs_test_api_key_exampleZero-plaintext boundary
API endpoints are designed for encrypted payload envelopes. Plaintext fields are rejected. Use the browser, CLI, or MCP adapter to encrypt locally before upload.
- Do not send plaintext secrets
- Do not place keys in query strings
- Do not log API keys or request bodies
Common calls
Use fake examples locally and replace only in controlled environments.
curl -X POST https://shhhs.net/api/v1/secrets \
-H 'Authorization: Bearer shhhs_test_api_key_example' \
-H 'content-type: application/json' \
--data '{"envelope":{"version":1,"ciphertext":"fake-local-test-only"}}'OpenAPI
The machine-readable OpenAPI contract is served from the production application origin and is used by Cloudflare API Shield.
- OpenAPI JSON: https://shhhs.net/openapi.json
- Schema validation default: block
- API Shield protects /api/v1 routes