How do I publish a static site?

Three HTTP calls: POST /api/v1/publish with a file manifest, PUT the bytes to each upload URL the response gives you, then POST the finalize URL with the versionId. The site goes live at .push-live.com.

How do I get an API key?

POST /api/auth/agent/request-code with your email, then POST /api/auth/agent/verify-code with the code you receive. The response includes a Bearer key.

What authentication does push-live accept?

Three modes: anonymous (no Authorization header, 24-hour sites), Bearer API key (Authorization: Bearer ), and drive share tokens (Bearer tokens scoped to one drive and an optional path prefix).

What are the rate limits and quotas?

Anonymous: 60 publishes/hour/IP, 250 MB max file, 24-hour TTL. Free: 10 GB storage, 500 sites, 1 drive. Hobby: 500 GB, 1 000 sites, 5 drives. Developer: 2 TB, unlimited sites, 10 drives. See /pricing.md for the machine-readable table.

How do paid sites work?

The owner sets a price and a payout wallet. Visitors pay that wallet directly on-chain in USDC or USDT; push-live observes the transfer and grants access. push-live never holds keys or signs transactions.

What is the apps subsystem?

Server-side capabilities a hosted site can call from its own JavaScript. Endpoints live at /__pl/ /... on the site host. Today: analytics (privacy-preserving page hits and visitor counts).

API

Reference.

Auto-generated from openapi.json. Compact agent context lives at llms.txt and llms-full.txt; scoped contexts at /docs/llms.txt and /api/llms.txt.

Quick start

# 1. Create
curl -sS https://push-live.com/api/v1/publish \
  -H 'content-type: application/json' \
  -d '{"files":[{"path":"index.html","size":12,"contentType":"text/html"}]}'

# 2. PUT to the upload URL from the response

# 3. Finalize
curl -sS -X POST <finalizeUrl> -d '{"versionId":"<v>"}'

Get an API key

curl -sS https://push-live.com/api/auth/agent/request-code -d '{"email":"you@example.com"}'
curl -sS https://push-live.com/api/auth/agent/verify-code -d '{"email":"you@example.com","code":"XXXX-YYYY"}'

All authenticated endpoints take Authorization: Bearer <API_KEY>. Drive share tokens are also accepted on /api/v1/drives/* routes, scoped to one drive and an optional path prefix. Pass an optional X-Push-Live-Client header to tag who is publishing.

Limits & quotas

Per-plan quotas — see /pricing.md for the machine-readable table.

Anonymous · 250 MB max file · 60 publishes/hour/IP · 24 h site TTL · no drives.
Free · 10 GB storage · 500 sites · 500 MB max file · 1 drive · 1 custom domain · 7-day drive history.
Hobby · 500 GB storage · 1 000 sites · 2 GB max file · 5 drives · 5 domains · 30-day history.
Developer · 2 TB storage · unlimited sites · 2 GB max file · 10 drives · 20 domains · 90-day history.
Variables · 50 per account · 4 KB per value · optional allowedUpstreams allow-list.
Proxy · 10 MB per response · default 100 req/hr/IP per route; override with rateLimit.
Apps · Analytics · 0 / 10 k / 100 k / 1 M events per month per site · 60 hits/min/IP.

Error envelope

{
  "error":    "Human-readable message",
  "code":     "rate_limit_exceeded",
  "message":  "Same as error",
  "docs_url": "/docs#limits",
  "retry_after": 30
}

Common codes: invalid_request, unauthorized, not_found, conflict, gone, precondition_failed, payload_too_large, quota_exceeded, rate_limit_exceeded, payment_required. Every error includes a docs_url pointing back into this page.

Payments

Site owners set a price + payout wallet; visitors pay that wallet directly. push-live never holds keys or signs transactions — it observes the on-chain transfer and grants access. Flow: POST /api/pay/:slug/session → visitor sends USDC to the returned address → POST /api/pay/:slug/grant with the txHash (or the browser-friendly GET /api/pay/:slug/confirm with ?session=&tx=).

Apps

Server-side capabilities your hosted site can call from its own JS. Endpoints live at /__pl/<app>/... on the site's host (slug subdomain or custom domain). No SDK, no setup — fetch the URL.

Analytics · count page hits and unique visitors per site. No external SDK; no cookies. Visitor identity is a per-day, per-site rotating hash so visits aren't linkable across days.

// In your site's JS:
fetch('/__pl/analytics/hit', { method: 'POST', body: JSON.stringify({ path: location.pathname }) });

// Or as a beacon image (works without JS):
<img src="/__pl/analytics/hit?path=/" width="1" height="1" alt="">

Read the summary as the site owner:

curl -sS https://push-live.com/api/v1/publish/<slug>/analytics?period=7d \
  -H 'authorization: Bearer <API_KEY>'

Caps per plan (events/month, per site): anonymous 0 · free 10 000 · hobby 100 000 · developer 1 000 000. Over-quota writes are silently dropped — the visitor never sees an error.

Endpoints

auth means a bearer token is required.

Auth Sites Drives Domains Variables Payments Apps Support

Auth

Method	Path	Summary	Auth
POST	`/api/auth/agent/request-code`	Request an email sign-in code
POST	`/api/auth/agent/verify-code`	Verify an email code and get an API key

Sites

Method	Path	Summary	Auth
POST	`/api/v1/publish`	Create a Site
PUT	`/api/v1/publish/{slug}`	Update an existing Site
GET	`/api/v1/publish/{slug}`	Get Site details	auth
DELETE	`/api/v1/publish/{slug}`	Delete a Site	auth
POST	`/api/v1/publish/{slug}/finalize`	Finalize a pending version
POST	`/api/v1/publish/{slug}/uploads/refresh`	Refresh presigned upload URLs	auth
POST	`/api/v1/publish/{slug}/claim`	Claim an anonymous Site	auth
PATCH	`/api/v1/publish/{slug}/metadata`	Patch metadata + access controls	auth
POST	`/api/v1/publish/{slug}/duplicate`	Server-side copy	auth
POST	`/api/v1/publish/from-drive`	Publish a Drive snapshot as a Site	auth
GET	`/api/v1/publishes`	List account Sites	auth

Drives

Method	Path	Summary	Auth
GET	`/api/v1/drives`	List Drives	auth
POST	`/api/v1/drives`	Create Drive	auth
GET	`/api/v1/drives/default`	Get or create the default Drive	auth
GET	`/api/v1/drives/{driveId}`	Drive details	auth
PATCH	`/api/v1/drives/{driveId}`	Patch Drive	auth
DELETE	`/api/v1/drives/{driveId}`	Delete Drive	auth
GET	`/api/v1/drives/{driveId}/files`	List files	auth
PATCH	`/api/v1/drives/{driveId}/files`	Batch ops	auth
POST	`/api/v1/drives/{driveId}/files/uploads`	Stage upload	auth
POST	`/api/v1/drives/{driveId}/files/finalize`	Finalize upload	auth
POST	`/api/v1/drives/{driveId}/files/move`	Move a file	auth
GET	`/api/v1/drives/{driveId}/files/{path}`	Read a Drive file (?versions=true lists history; ?at=<unix_ms> time-travel)	auth
DELETE	`/api/v1/drives/{driveId}/files/{path}`	Delete a Drive file (?recursive=true for prefix delete)	auth
GET	`/api/v1/drives/{driveId}/tokens`	List tokens	auth
POST	`/api/v1/drives/{driveId}/tokens`	Mint token	auth
DELETE	`/api/v1/drives/{driveId}/tokens/{tokenId}`	Revoke token	auth

Domains

Method	Path	Summary	Auth
GET	`/api/v1/domains`	List domains	auth
POST	`/api/v1/domains`	Add a custom domain	auth
GET	`/api/v1/domains/{domain}`	Get domain	auth
DELETE	`/api/v1/domains/{domain}`	Remove domain	auth
POST	`/api/v1/domains/{domain}/sync`	Re-sync from Cloudflare	auth
GET	`/api/v1/handle`	Get handle	auth
POST	`/api/v1/handle`	Create handle	auth
PATCH	`/api/v1/handle`	Update handle	auth
DELETE	`/api/v1/handle`	Delete handle	auth
GET	`/api/v1/links`	List links	auth
POST	`/api/v1/links`	Create link	auth
GET	`/api/v1/links/{location}`	Get link	auth
PATCH	`/api/v1/links/{location}`	Update link	auth
DELETE	`/api/v1/links/{location}`	Delete link	auth

Variables

Method	Path	Summary	Auth
GET	`/api/v1/me/variables`	List variables	auth
PUT	`/api/v1/me/variables/{name}`	Set variable	auth
DELETE	`/api/v1/me/variables/{name}`	Delete variable	auth

Payments

Method	Path	Summary	Auth
GET	`/api/v1/wallet`	Get wallet	auth
PATCH	`/api/v1/wallet`	Set wallet	auth
POST	`/api/pay/{slug}/session`	Start a payment session
GET	`/api/pay/{slug}/poll`	Poll a session
POST	`/api/pay/{slug}/grant`	Grant access after payment
GET	`/api/pay/{slug}/confirm`	Browser-flow grant: redirects with cookie on success

Apps

Method	Path	Summary	Auth
GET	`/api/v1/publish/{slug}/analytics`	Analytics summary for a Site (period=1d/7d/30d/90d)	auth

Support

Method	Path	Summary	Auth
POST	`/api/v1/support`	Submit a support request	auth