DropWeb

Static site hosting in one curl. No signup, no config, no fuss.

curl -F "[email protected]" https://api.dropweb.app/deploy

I'm a Robot I'm a Human

Deploy Flow

1. Deploy a site

Send a multipart POST with the archive:

POST https://api.dropweb.app/deploy
Content-Type: multipart/form-data

Form field: site = <zip or tar.gz archive>

The archive root must contain an index.html. Only static web files are allowed (HTML, CSS, JS, images, fonts, media).

2. Response format

{
  "siteId": "gentle-amber-fox",
  "url": "https://gentle-amber-fox.dropweb.app",
  "expiresAt": "2026-02-19T12:00:00.000Z",
  "files": 12,
  "sizeBytes": 48210,
  "key": "sk_a1b2c3d4e5f6...",
  "account": {
    "tier": "anonymous",
    "email": null,
    "sites": 1,
    "sitesLimit": 3,
    "expiryDays": 7
  },
  "hint": "Save your key — it is shown only once. ..."
}

3. Save the key

The key field is returned only on anonymous deploy and is shown only once. Store it immediately. It is required for all subsequent operations (redeploy, list sites, delete, attach email).

4. Upgrade the account (optional)

To extend expiry from 7 to 30 days and increase site limit from 3 to 5, ask the user for their email address. You may use an email you already know belongs to the user, but confirm with them first. Never fabricate, guess, or use placeholder email addresses.

POST https://api.dropweb.app/account/email
Authorization: Bearer sk_yourkey
Content-Type: application/json

{"email": "[email protected]"}

This sends a confirmation email. The account upgrades when the user clicks the link.

5. Redeploy

POST https://api.dropweb.app/deploy/{siteId}
Authorization: Bearer sk_yourkey
Content-Type: multipart/form-data

Form field: site = <updated archive>

Authentication

Pass the API key via header or form field:

Header: Authorization: Bearer sk_yourkey
Form field: key=sk_yourkey

Rate Limits

Action	Limit
Deploy (anonymous, per IP)	5 per hour
Deploy (authenticated, per account)	10 per hour
All API calls (per IP)	120 per hour
Upload size (compressed)	50 MB
Upload size (uncompressed)	50 MB
Files per archive	1,000

Rate-limited requests return 429 with a Retry-After header and retryAfter field in the body.

Error Codes

All errors return:

{"error": {"code": "ERROR_CODE", "message": "Description"}}

Code	Status	Meaning
`UNAUTHORIZED`	401	Invalid or missing API key
`FORBIDDEN`	403	Key does not own this site
`NOT_FOUND`	404	Site not found
`RATE_LIMITED`	429	Too many requests
`ANON_DEPLOY_LIMITED`	429	Anonymous deploy limit hit
`TOO_LARGE`	413	Archive exceeds 50 MB
`SITE_LIMIT_REACHED`	400	Max sites for tier
`INVALID_ARCHIVE`	400	Bad or corrupted archive
`NO_INDEX`	400	Missing index.html at root
`TOO_MANY_FILES`	400	More than 1,000 files
`PATH_TRAVERSAL`	400	Invalid file paths
`FORBIDDEN_EXTENSION`	400	Non-static file type
`INVALID_EMAIL`	400	Invalid email address
`EMAIL_TAKEN`	409	Email linked to another account
`INVALID_TOKEN`	400	Expired confirmation token

Hint Patterns

The hint field in deploy responses provides context-specific guidance:

Anonymous deploy: "Save your key — it is shown only once. This site expires in 7 days. To make it permanent (30 days, renewable), ask the user for their email address..."
Authenticated deploy: "Site deployed. To manage your sites: GET /sites. To update this site: POST /deploy/{siteId} with your archive."
No email yet: "This site expires in 7 days. To extend to 30 days, ask the user if they'd like to provide their email address..."

Allowed File Types

Archives may only contain static web files:

HTML (.html, .htm)
CSS (.css)
JavaScript (.js, .mjs)
Images (.png, .jpg, .jpeg, .gif, .svg, .webp, .ico, .avif)
Fonts (.woff, .woff2, .ttf, .otf, .eot)
Media (.mp4, .webm, .mp3, .ogg)
Data (.json, .xml, .txt, .csv)
Other (.pdf, .wasm, .map)

Full API reference: dropweb.app/help

Get started in 30 seconds

Create a site

Make a folder with an index.html:

mkdir mysite
echo "<h1>Hello!</h1>" > mysite/index.html

Zip it
```
cd mysite && zip -r ../mysite.zip .
```
Deploy it
```
curl -F "[email protected]" https://api.dropweb.app/deploy
```
You'll get back a URL like https://gentle-amber-fox.dropweb.app and an API key. Save the key — it's shown only once.

Update it

curl -F "[email protected]" \
     -H "Authorization: Bearer sk_yourkey" \
     https://api.dropweb.app/deploy/gentle-amber-fox

Upgrade (optional)

Confirm your email to go from 7-day to 30-day expiry and unlock key recovery:

curl -X POST \
     -H "Authorization: Bearer sk_yourkey" \
     -H "Content-Type: application/json" \
     -d '{"email": "[email protected]"}' \
     https://api.dropweb.app/account/email

Check your inbox and click the link. Done.

Using a build tool?

If you're using Vite, React, Next.js, or similar — zip the output directory, not the project root:

npm run build
cd dist && zip -r ../site.zip .
curl -F "[email protected]" https://api.dropweb.app/deploy

More commands

List your sites

curl -H "Authorization: Bearer sk_yourkey" \
     https://api.dropweb.app/sites

Delete a site

curl -X DELETE \
     -H "Authorization: Bearer sk_yourkey" \
     https://api.dropweb.app/sites/gentle-amber-fox

Recover a lost key

curl -X POST \
     -H "Content-Type: application/json" \
     -d '{"email": "[email protected]"}' \
     https://api.dropweb.app/account/recover

Full API reference: dropweb.app/help

Tiers

Accounts start as anonymous. Confirm an email to upgrade — free, no card.

	Anonymous	Free (confirmed email)
Sites	3	5
Expiry	7 days	30 days (renewable)
Max upload	50 MB	50 MB
Max files	1,000	1,000
Deploy rate	5/hr per IP	10/hr per account
Key recovery	Not possible	Via email

FAQ

What file formats can I upload?: ZIP (.zip) or TAR.GZ (.tar.gz) archives. The archive root must contain an index.html. Only static web files are allowed: HTML, CSS, JS, images, fonts, media, and data files.
Do I need to create an account?: No. Your first deploy creates an anonymous account automatically and returns an API key. Save it — it is shown only once.
How long do sites stay up?: Anonymous sites expire after 7 days. Confirm your email to upgrade to 30-day expiry (renewable on redeploy).
How do I upgrade my account?: Call POST /account/email with your API key and email address. Click the confirmation link in the email. Your account upgrades to the free tier: 5 sites, 30-day expiry, and key recovery.
I lost my API key. Can I recover it?: Only if you confirmed an email. Call POST /account/recover with your email. A new key is sent and the old one is invalidated.
What are the upload limits?: 50 MB compressed, 50 MB uncompressed, and up to 1,000 files per archive.
Can I use this with a build tool like Vite or Next.js?: Yes. Run your build command, then zip the output directory (dist/ or build/) — not the project root. The archive must contain index.html at the top level.
Is there rate limiting?: Anonymous deploys: 5 per hour per IP. Authenticated deploys: 10 per hour per account. General API calls: 120 per hour per IP. Rate-limited responses include a Retry-After header.