public api
API v1
The v1 public API is a single endpoint with one job: clicker noise your own devices. Give a third-party tool (a Stream Deck, IFTTT, a cron job, a webhook from some other service) a pak_ key, and when it hits the endpoint you get a self-click: a push notification on your phone and a live alert on any connected desktop or web client.
Base URL: https://puppyclicker-api.boundfire.com
Want more than a self-click? Sending clicks, zaps, and messages to your puppies, listing them, reading your received clicks, or a real-time event stream all live in the v2 API. v2 is a strict superset, and v1 stays supported unchanged.
The key
Every request is authenticated by a public API key (pak_ prefix), created in the app under Settings → Public API Keys. The v1 endpoint takes the key as a query parameter.
- Free accounts get 1 key; supporters get up to 5.
- The full key is shown once, when you create it. After that the app masks it (
pak_1234••••••••); use the reveal and copy control in Settings if you need it again. - Treat the key like a password. Anyone who has it can ring your devices and your puppies (v2).
GET /api/v1/click
Records a self-click for the key's owner: a click history entry (type: "api"), a push notification to the owner's devices, and a real-time alert to any connected desktop or web client.
Query parameters
| Param | Required | Notes |
|---|---|---|
key | yes | Your pak_ key. |
message | no | Up to 150 characters. Shown in the notification body; defaults to *click* when omitted. |
Response
200 OK
{ "success": true }
Examples
# Just send a clicker noise to my devices
curl "https://puppyclicker-api.boundfire.com/api/v1/click?key=pak_xxxxxxxx"
# With a message
curl "https://puppyclicker-api.boundfire.com/api/v1/click?key=pak_xxxxxxxx&message=coffee%20break"
Because it's a plain GET, it works from anywhere a URL works: a browser bookmark, a Stream Deck "Website" button, an IFTTT or Zapier webhook action, a curl in a cron job, a Shortcuts "Get Contents of URL" step, and so on.
Behaviour details
- Self-click only. v1 can only click the key owner (sender and receiver are the same account). It cannot target friends; that's a v2 feature.
- Do Not Disturb. During the owner's quiet hours the push is suppressed, but the click is still recorded and the real-time alert still fires (flagged
dndSuppressed: true). DND never drops the click itself. - Push is fire and forget. The response returns as soon as the click is recorded; the APNs/FCM round trip happens in the background and never delays or fails the HTTP response.
- Real-time delivery. Connected desktop and web clients receive the alert over their SSE connection immediately (
kind: "click", with the sender name set to the key's name or"API").
Errors
Errors are JSON. Unlike v2, v1 responses carry only a human error string, with no machine code field.
| HTTP | Body | Meaning |
|---|---|---|
| 400 | { "error": "<validation message>" } | Missing key, or message over 150 chars. |
| 401 | { "error": "Invalid API key" } | Unknown key. |
| 429 | { "error": "Rate limit exceeded", "retryAfter": <seconds> } | Over the per-key budget. The Retry-After header is also set. |
| 429 | { "error": "Too many requests" } | Over the per-IP anti-abuse limit. |
| 500 | { "error": "Internal server error" } | Server error. Please report on discord. |