Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.stashy.sh/llms.txt

Use this file to discover all available pages before exploring further.

Stashy has two auth layers: Google OAuth for the web dashboard and API keys for programmatic access.

Google OAuth

Users sign in at / via Google. After login, the dashboard lets you manage API keys.

Setup

  1. Go to Google Cloud Console → Credentials
  2. Create an OAuth 2.0 Client ID (Web application)
  3. Set the authorized redirect URI to {HOSTNAME}/auth/google/callback
  4. Set GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET

Domain Restrictions

Restrict sign-in to specific email domains: 
ALLOWED_DOMAINS=example.com,mycompany.org
Leave unset to allow all Google accounts.

API Keys

All /v1/* endpoints require a Bearer token.

Generate a Key

Sign in to the dashboard and click “Create API Key”. The full key is shown once — store it securely.

Usage

curl -H "Authorization: Bearer sk_live_abc123..." \
  -X POST http://localhost:8080/v1/files \
  -H "Content-Type: image/png" \
  --data-binary @photo.png

Management Endpoints

MethodPathDescription
POST/auth/keysCreate a new API key
GET/auth/keysList your API keys
DELETE/auth/keys/{id}Revoke an API key
These endpoints require an active session (cookie-based, from OAuth sign-in).

File Access

Files are private by default — accessible only to logged-in users at /{id}. Use Publish to make a file public. See File Access for details.