# shortText.com

> shortText.com is a tool for writers to paste short text and get a shareable URL. No account, no signup. Public, Unlisted, or Private (password) visibility. Markdown supported, character limit 30,000. Around since 2006.

The product is anti-pastebin: built for writers and essays rather than code dumps. The default surface is calm and reading-focused.

## Canonical pages

- [Homepage](https://shorttext.com/) — create a shortText
- [FAQ](https://shorttext.com/faq) — how the product works, in Q&A form
- [Terms of Service](https://shorttext.com/terms) — usage rules, takedown contact

## What lives at /{slug} URLs

Each shortText has a unique 8-character slug. Public shortTexts are crawlable; unlisted and private shortTexts emit noindex, nofollow, noarchive, noai, and noimageai headers and meta tags. Private shortTexts also require a password to view.

## API for agents

Base URL: https://shorttext.com. OpenAPI spec: https://shorttext.com/openapi.json

- Read (JSON): `GET /api/paste/{slug}` → `{ slug, url, body, visibility, burnAfterRead, burned, viewCount, createdAt, updatedAt, expiresAt }`. Private shortTexts need the password via `?password=` or an `X-Password` header.
- Read (plain text): `GET /{slug}/raw` → the raw Markdown body as `text/plain`. Same private-password rules. Ideal for `curl` and shell pipes.
- Create: `POST /api/paste` with JSON `{ body, visibility?, expiry?, burnAfterRead?, password?, commentsEnabled? }` → `{ slug, url, editUrl, editCode }`. Agents authenticate with an API key sent as `Authorization: Bearer st_live_…` (request one at api@shorttext.com); keys bypass the bot check and are rate-limited per key. The public web form instead includes a Cloudflare Turnstile token. Store the returned `editCode` — it's the only way to edit later.
- Update: `PUT /api/paste/{slug}` with `{ body, editCode }` (plus optional `visibility`, `password`, `commentsEnabled`).

Read semantics: a read here counts as a real view — it ticks the view count and consumes a burn-after-read shortText, exactly like opening the URL in a browser. Reads are CORS-open (`Access-Control-Allow-Origin: *`).

## MCP server

Streamable HTTP, JSON-RPC 2.0, at `POST https://shorttext.com/mcp`. Stateless — no session id required. Tools:

- `read_shorttext` { slug, password? } — open to all.
- `create_shorttext` { body, visibility?, password?, expiry?, burnAfterRead? } — requires an API key in the Authorization header (`Bearer st_live_…`; request at api@shorttext.com).

## Contact

- abuse@shortText.com — takedown requests, security reports