API Reference

All API endpoints for programmatic access. Endpoints that require authentication use an admin token passed as a query parameter.

POST/api/links

Create a new anonymous message link

Request Body

{
  "slug": "my-group",
  "title": "Send me anonymous messages",
  "description": "Optional description",
  "pin": "optional-pin",
  "expiresAt": "2026-12-31T23:59:59Z",
  "startsAt": "2026-01-01T00:00:00Z",
  "maxMessages": 100
}

Response

{
  "link": { "id": "uuid", "slug": "my-group", ... },
  "shareUrl": "https://domain/my-group",
  "adminUrl": "https://domain/my-group/admin?token=...",
  "adminToken": "64-char-hex-token"
}
GET/api/links/[slug]

Get public link information including computed status (active, expired, scheduled, paused)

Response

{
  "link": {
    "id": "uuid",
    "slug": "my-group",
    "title": "Send me anonymous messages",
    "is_active": true,
    "has_pin": false,
    "status": "active",
    "expires_at": null,
    "starts_at": null,
    "max_messages": null
  }
}
POST/api/links/[slug]/messages

Submit an anonymous message. Rate limited to 5 per minute. Checks expiry, scheduling, and max messages.

Request Body

{ "content": "Your anonymous message here" }

Response

{ "success": true }
GET/api/links/[slug]/messages?token=ADMIN_TOKEN

Get all messages for a link (admin only)

Response

{
  "link": { ... },
  "messages": [
    { "id": "uuid", "content": "...", "share_token": "...", "created_at": "..." }
  ]
}
DELETE/api/links/[slug]/messages/[id]?token=ADMIN_TOKEN

Delete a specific message (admin only)

Response

{ "success": true }
PATCH/api/links/[slug]?token=ADMIN_TOKEN

Update link settings - toggle active state, change title or description (admin only)

Request Body

{ "isActive": false, "title": "New title" }

Response

{ "success": true }
GET/api/messages/[shareToken]

Get a single shared message card by its share token

Response

{
  "message": {
    "content": "...",
    "link_title": "...",
    "created_at": "..."
  }
}
POST/api/cards/upload

Upload a card image to Vercel Blob (requires BLOB_READ_WRITE_TOKEN)

Request Body

FormData: file (PNG), shareToken (string)

Response

{
  "url": "https://....public.blob.vercel-storage.com/wishpr-cards/token.png",
  "filename": "wishpr-cards/token.png"
}
PreviousRebrandingNextContributing