Developer Platform

Publish to HashBin from your app

Let your users store 256t content on HashBin.org directly from your web app. Users authorize your app via OAuth 2.0, and uploads are billed to their HashBin balance.

How it works Register your app, get a client ID, and redirect users through a standard OAuth consent flow. Once authorized, your app can publish content on their behalf.

Why register your app?

Security

Redirect URI validation prevents authorization codes from being intercepted. Only your registered origins receive tokens.

User trust

The consent screen shows your app name so users know exactly who is requesting access to their balance.

Spending controls

Users can set per-app monthly spending limits. Revocation and rate limiting are tracked per app.

Integration overview

  1. Register your app below to get a client_id and client_secret.
  2. Redirect users to /oauth/authorize with PKCE parameters.
  3. The user signs in (via their existing HashBin account) and approves your app.
  4. HashBin redirects back to your redirect_uri with an authorization code.
  5. Exchange the code at /oauth/token for an access token (1 hr) and refresh token (30 days).
  6. Use the access token to publish content via POST /api/content. Uploads use the user's default retention period, are billed to their balance, and return a content URL on https://256t.us/{cid}.

Example: app served from GitHub Pages

If your app is hosted on GitHub Pages, use your Pages URL as the redirect URI when registering. For example:

https://your-username.github.io/your-repo/callback.html

Your callback page receives the authorization code and exchanges it for tokens. A minimal implementation using the hosted SDK: 

<!-- callback.html served from GitHub Pages -->
<script type="module">
  import HashBin from 'https://hashbin.org/sdk/hashbin.js';

  const hb = HashBin.configure({
    clientId: 'YOUR_CLIENT_ID',
    redirectUri: 'https://your-username.github.io/your-repo/callback.html',
    contentBaseUrl: 'https://256t.us'
  });

  // Completes the OAuth flow using the code in the URL
  await hb.handleCallback();

  // Now you can publish content
  const result = await hb.publish(new Blob(['Hello, HashBin!']));
  console.log('Published:', result.cid, result.url);
</script>

Or install via npm:

npm install hashbin-sdk

See the SDK documentation for the full API reference.

GitHub Pages upload utilities

Upload via API key: fastest manual upload flow, supports selecting retention per upload, but requires handling an API key in the page.

Open Upload via API Key

Upload via registered app: OAuth app flow with scoped and revocable access, no API key sharing, and uploads billed using the user's default retention settings.

Open Upload via Registered App

Available scopes

Scope Description
content:write Publish content, billed to the user's balance using their default retention period
content:read Check whether content exists and read its metadata
balance:read View the user's current balance (useful for pre-flight checks)

Third-party apps can only publish. Deletion, retention extension, and account management are not available through OAuth tokens.

Register an application

Your applications