API Reference

Complete REST API documentation for shebang.run

Download OpenAPI Spec (YAML)

Authentication

Two Methods Supported:

1. JWT Token (Web UI, temporary access) Authorization: Bearer <token>
2. API Token (CLI, programmatic access) Authorization: Basic <base64(client_id:client_secret)>

POST /api/auth/register

Register new user

curl -X POST https://shebang.run/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{"username":"user","email":"user@example.com","password":"pass"}'

POST /api/auth/login

Login with username and password

curl -X POST https://shebang.run/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"username":"user","password":"pass"}'

Scripts

GET /api/scripts

List your scripts

curl https://shebang.run/api/scripts \
  -H "Authorization: Bearer <token>"

POST /api/scripts

Create new script

curl -X POST https://shebang.run/api/scripts \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "name":"myscript",
    "content":"#!/bin/bash\\necho Hello",
    "description":"My script",
    "visibility":"public"
  }'

GET /{username}/{script}[@tag]

Retrieve script content (public endpoint)

# Latest version
curl https://shebang.run/user/script | sh

# Specific version
curl https://shebang.run/user/script@v5 | sh

# Tagged version
curl https://shebang.run/user/script@dev | sh

DELETE /api/scripts/{id}

Delete script

curl -X DELETE https://shebang.run/api/scripts/1 \
  -H "Authorization: Bearer <token>"

Keys

GET /api/keys

List your keypairs

curl https://shebang.run/api/keys \
  -H "Authorization: Bearer <token>"

POST /api/keys/generate

Generate RSA-4096 keypair

curl -X POST https://shebang.run/api/keys/generate \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{"name":"my-key"}'

Account

POST /api/account/tokens

Create API token for CLI access

curl -X POST https://shebang.run/api/account/tokens \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{"name":"CLI Access"}'

GET /api/account/export

Export all data (GDPR)

curl https://shebang.run/api/account/export \
  -H "Authorization: Bearer <token>"

Community

GET /api/community/scripts

Browse public scripts

curl https://shebang.run/api/community/scripts \
  -H "Authorization: Bearer <token>"

Secrets

GET /api/secrets

List your secrets

curl https://shebang.run/api/secrets \
  -H "Authorization: Bearer <token>"

POST /api/secrets

Create or update a secret

curl -X POST https://shebang.run/api/secrets \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{"key_name":"AWS_KEY","value":"AKIA..."}'

GET /api/secrets/{name}/value

Get secret value

curl https://shebang.run/api/secrets/AWS_KEY/value \
  -H "Authorization: Bearer <token>"

Sharing

GET /api/scripts/{id}/access

List script access control

curl https://shebang.run/api/scripts/1/access \
  -H "Authorization: Bearer <token>"

POST /api/scripts/{id}/access

Add users or enable link sharing

# Share with users
curl -X POST https://shebang.run/api/scripts/1/access \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{"access_type":"user","usernames":["alice","bob"]}'

# Enable link sharing
curl -X POST https://shebang.run/api/scripts/1/access \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{"access_type":"link"}'

GET /api/shared/scripts

List scripts shared with you

curl https://shebang.run/api/shared/scripts \
  -H "Authorization: Bearer <token>"

Community

GET /api/community/scripts

Browse public scripts

curl https://shebang.run/api/community/scripts \
  -H "Authorization: Bearer <token>"

Python Library

from shebangrun import ShebangClient, run

# Simple usage
content = run(username="user", script="myscript")

# With decryption
content = run(username="user", script="private", 
              key=open("key.pem").read())

# Full client
client = ShebangClient()
client.login("user", "pass")
scripts = client.list_scripts()
client.create_script("test", "#!/bin/bash\\necho hi", visibility="public")

# Secrets
client.create_secret("AWS_KEY", "AKIA...")
value = client.get_secret("AWS_KEY")

# Sharing
client.add_script_access(script_id=1, usernames=["alice"])
shared = client.list_shared_scripts()

Rate Limits

  • Default: 50 requests per minute
  • Configurable: Admins can adjust per-user limits
  • Public endpoints: Subject to rate limiting
  • Authenticated endpoints: Per-user rate limits apply

Resources

OpenAPI Spec

Download YAML specification

Python Package

pip install shebangrun

GitHub

Source code and examples

We use essential cookies to store your authentication token locally in your browser. No tracking or analytics cookies are used. By continuing, you accept our Privacy Policy and Terms of Service.