openapi: 3.0.0 info: title: Stashlet API version: 1.1.0 description: | Minimal, user-scoped JSON storage with zero-knowledge encryption. Data is encrypted using a key derived from `appId` + `secret`. The backend cannot read your data without the user `secret`. servers: - url: /api paths: /data: post: summary: Load or save user-scoped JSON data requestBody: required: true content: application/json: schema: type: object required: [appId, appSecret, secret] properties: appId: type: string description: Your application ID appSecret: type: string description: Your application secret (don't share this in client browsers!) secret: type: string description: Client-side user secret (for isolation and encryption) data: type: object description: JSON object to store. If omitted, the existing data is returned. responses: "200": description: OK - returns the stored JSON object "400": description: Bad Request - invalid input or decryption failure "401": description: Unauthorized - invalid appId or appSecret "403": description: Forbidden - app disabled or storage limit reached "413": description: Payload Too Large - exceeds 8KB limit "429": description: Too Many Requests - rate limit exceeded x-limits: perUserRecord: 64KB appMaxRecords: 1024 appMaxStorage: 64MB /register: post: summary: Register a new application responses: "200": description: Success content: application/json: schema: type: object properties: appId: type: string appSecret: type: string