DropadraftSign in

API & agent docs

Publish and update web pages on Dropadraft programmatically. The same endpoint works for curl, scripts, and AI agents.

For an AI agent — the fastest way

Zero setup. No token required.

Anonymous publishes work out of the box. Hand the agent this URL — modern agents (Claude, Cursor, etc.) will read this page and figure out the API. A 2-line prompt is enough:

Publish to Dropadraft.
Docs: https://dropadraft.com/docs

Build a landing page for [your project] and publish it.

Anonymous pages live 7 days, max 5 publishes per IP per 10 minutes, max 10 active per IP. For permanent pages, update/lock/delete actions, and higher limits, add a PAT (see Get a token below) and use this prompt instead:

Publish to my Dropadraft account.
Token: $DROPADRAFT_TOKEN  (or paste the value)
Docs: https://dropadraft.com/docs

Build a landing page for [your project] and publish it.

Quick start (cURL)

One request, no auth — page is live for 7 days:

curl -X POST https://dropadraft.com/api/publish \
  -H "Content-Type: application/json" \
  -d '{ "html": "<h1>Hello</h1>", "name": "My report" }'

Same call with a PAT — page is owned by your account and starts with a 7-day sliding TTL (lock via /api/manage for no expiry):

curl -X POST https://dropadraft.com/api/publish \
  -H "Authorization: Bearer $DROPADRAFT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{ "html": "<h1>Hello</h1>", "name": "My report" }'

Drop-in prompt for AI agents

Paste this into Claude, Cursor, or any AI agent alongside your token — it teaches the agent the full API contract in one shot. Useful as a system prompt or a one-off instruction.

# Dropadraft publishing skill

You can publish and update web pages on Dropadraft via its REST API.
Authentication is OPTIONAL. Anonymous publishes work out of the box —
pages live 7 days, max 5 publishes per IP per 10 minutes, 10 active
per IP. If the user gave you a PAT (`dropadraft_pat_…`), use it for
permanent pages and higher limits; otherwise omit the Authorization
header entirely.

## Publish a new page

POST https://dropadraft.com/api/publish
Headers:  Content-Type: application/json
          Authorization: Bearer $DROPADRAFT_TOKEN   (optional)
Body:     { "html": "<page source>", "name": "Title", "content_type": "text/html" }
          (content_type also accepts "text/markdown")
Returns:  { "slug": "abc12", "name": "...", "expiresAt": "...", "version": 1 }
Page is then live at https://dropadraft.com/v/<slug>.

## Update an existing page  (PAT required)

POST https://dropadraft.com/api/publish  (same endpoint, just include the slug)
Body:     { "slug": "abc12", "html": "<new source>" }
Returns:  { "slug": "abc12", "version": N+1, ... }
Only the token owner can update their own pages. Anonymous publishes
are immutable after creation — re-POST without slug to make a new one.

## Manage existing pages  (PAT required)

POST https://dropadraft.com/api/manage
Body for each action:
  Delete: { "action": "delete", "slug": "abc12" }
  Lock (no expiry):    { "action": "lock",   "slug": "abc12" }
  Unlock (resume TTL): { "action": "unlock", "slug": "abc12" }
  Rename:              { "action": "rename", "slug": "abc12", "name": "new title" }
Returns: { "ok": true }   (Rename also echoes the new name.)
Owner-only — 403 from another user's token.

## Read endpoints (no auth)

GET https://dropadraft.com/raw/<slug>  →  raw source bytes (text/html or text/markdown).
                          What you POSTed; round-trip safe for read-then-edit.
GET https://dropadraft.com/r/<slug>    →  server-rendered HTML (markdown gets rendered+sanitized).

## Practical guidance

- Keep HTML self-contained: inline CSS, no scripts that depend on cross-origin fetches.
- For Markdown pages, the same URL renders the rendered HTML; the raw source is at /raw/<slug>.
- Anonymous pages expire after 7 days and can't be updated.
- Signed-in (with PAT): pages start with a 7-day sliding TTL; lock them via /api/manage for no expiry.
- 401 = token revoked or invalid. 403 = slug exists but you don't own it. 410 = deleted (never coming back). 429 = rate-limited (anon) or credit balance exhausted (PAT) — check the response body's "reason" and any Retry-After header.
- Iterate by re-POSTing with the same slug; each call bumps the version. Don't mint new slugs for edits.
- Clean up by deleting old slugs when the iteration is done.

Get a token (optional)

Anonymous publishes work without any token. A Personal Access Token unlocks permanent pages, page updates/locks/deletes, ownership in your dashboard, and higher rate limits. Sign in, open API & agents in the sidebar, click Create, give it a name. Copy the dropadraft_pat_… token shown once — it's not retrievable later.

Sign in to create a token

Use with Claude (MCP connector)

Dropadraft is a Claude connector. Add it once and Claude can publish, read, update, and manage your pages from any conversation — “turn this into a shareable page” returns a live dropadraft.com/v/<slug> link.

In Claude, go to Settings → Connectors → Add custom connector and paste this URL (with your token appended):

https://dropadraft.com/api/mcp?token=dropadraft_pat_xxxxxxxxxxxx

The token authenticates as you — pages are owned by your account and use your credits, exactly like the REST API. Treat the connector URL like a secret (it contains your token).

Tools Claude gets:

Authentication

Optional. Omit for anonymous publishes; include for authenticated ones:

Authorization: Bearer dropadraft_pat_xxxxxxxxxxxxxxxxxxxxxxxx

Tokens act as the user who created them. Pages they publish are owned by that user's org and burn that org's credits. Anonymous publishes are owned by no one and have no credit cost.

Endpoint reference

Create a new page
POST/api/publish
Request body
{
  "html": "<!doctype html>...",   // required (or markdown source if content_type is markdown)
  "name": "Q3 dashboard mock",    // optional, shows in the user's /pages dashboard
  "content_type": "text/html"     // or "text/markdown" — defaults to text/html
}
Response
{
  "slug": "abc12",
  "name": "Q3 dashboard mock",
  "expiresAt": "2026-06-03T...",
  "version": 1
}

Page is then live at https://dropadraft.com/v/<slug>.

Update an existing page (same endpoint + slug)
POST/api/publish
Request body
{
  "slug": "abc12",
  "html": "<!doctype html>... new content ..."
}
Response
{
  "slug": "abc12",
  "version": 2
}

Only the token owner can update their own pages. 403 if the slug exists but you don't own it.

Delete a page (soft-delete; slug returns 410 forever)
POST/api/manage
Request body
{
  "action": "delete",
  "slug": "abc12"
}
Response
{ "ok": true }

Tombstones the slug so future requests return 410 Gone. Chat history for the page is hard-deleted.

Lock a page so it never expires
POST/api/manage
Request body
{
  "action": "lock",
  "slug": "abc12"
}
Response
{ "ok": true }

Use 'unlock' to resume the 7-day sliding TTL. No-op on Pro/Team plans (already permanent).

Rename a page (changes the title only — slug stays stable)
POST/api/manage
Request body
{
  "action": "rename",
  "slug": "abc12",
  "name": "Q3 dashboard mock v2"
}
Response
{ "ok": true, "name": "Q3 dashboard mock v2" }
Read the raw source bytes (no auth)
GET/raw/<slug>
Request body
(GET — no body)
Response
Content-Type: text/html  or  text/markdown
<the source the user authored>

Returns exactly the bytes the user POSTed. Use this when an agent wants to read-then-edit a page (POST the result back with the same slug). Public — no auth required.

Read the rendered HTML (no auth)
GET/r/<slug>
Request body
(GET — no body)
Response
Content-Type: text/html
<sandboxed HTML suitable for an iframe>

HTML pages: same bytes as the source. Markdown pages: server-rendered HTML with sanitization + prose styling. Use this when an agent wants to inspect what users see (vs. /raw which gives unrendered source).

Status codes

Page lifecycle