Thryvate
Developers

API tokens

Tokens let scripts, pipelines, and agents act on your account without your password. Each one is scoped, shown once, and revocable in a click.

Create a token

Open API tokens in your dashboard and create a new token. Give it a name you will recognize later, then copy the value right away. For security we show it only once, so store it in your secret manager or a CI secret.

Publish a site

Send the bundle as multipart form data along with a title and visibility. The response includes the site id and its live link.

POST /v1/sites
curl -X POST https://api.thryvate.com/v1/sites \
  -H "Authorization: Bearer $THRYVATE_TOKEN" \
  -F "title=Launch microsite" \
  -F "visibility=private" \
  -F "bundle=@site.zip"

Update in place

Push a new bundle to the same site id and the live link stays the same. Viewers see the update on their next load, with no new link to share.

PUT /v1/sites/:id
curl -X PUT https://api.thryvate.com/v1/sites/$SITE_ID \
  -H "Authorization: Bearer $THRYVATE_TOKEN" \
  -F "bundle=@site.zip"

Keep tokens safe

Treat a token like a password. Never commit it to source control or embed it in a client. Rotate tokens on a schedule, and revoke any token immediately if it might have leaked. Revoking takes effect at once.