API tokens provide long-lived authentication for scripts and integrations.
Generate Token
Create a new API token.
Request
curl -X POST https://fucksornot.com/api/auth/tokens/generate \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{"name": "Upload Script"}'
Response
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"token": "7f3a9c2e1b8d4f6a0c5e3b7d9a1f2c4e6b8d0a3c5e7f9b1d3a5c7e9f0b2d4f6a",
"name": "Upload Script",
"expiresAt": "2026-01-24T00:00:00Z"
}
The token value is only shown once. Store it securely as it cannot be retrieved later.
List Tokens
Get all API tokens for your account.
Request
curl https://fucksornot.com/api/auth/tokens \
-H "Authorization: Bearer YOUR_JWT_TOKEN"
Response
[
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"name": "Upload Script",
"created_at": "2025-01-24T00:00:00Z",
"last_used_at": "2025-01-24T12:00:00Z",
"expires_at": "2026-01-24T00:00:00Z"
}
]
The token value is not included in the list response for security.
Revoke Token
Delete a token to revoke its access.
Request
curl -X DELETE https://fucksornot.com/api/auth/tokens/TOKEN_ID \
-H "Authorization: Bearer YOUR_JWT_TOKEN"
Response
Using API Tokens
Use API tokens with the /api/v1/upload endpoint:
curl -X POST https://fucksornot.com/api/v1/upload \
-H "Authorization: Bearer 7f3a9c2e1b8d4f6a0c5e3b7d9a1f2c4e6b8d0a3c5e7f9b1d3a5c7e9f0b2d4f6a" \
-F "upload_type=image" \
-F "description=My upload" \
-F "file=@image.jpg"
Best Practices
Name tokens based on their purpose (e.g., “GitHub Action”, “Backup Script”)
Generate new tokens periodically and revoke old ones
Create separate tokens for different integrations so you can revoke individually
Use environment variables or secret management tools