Agent integration
The whole contract is small: one POST to publish, one stable URL to share, one PUT to update in place. No build step, no MCP server required, no install — just HTTP.
Most agent output is HTML in spirit: a plan, a report, a prototype, a design doc. But the HTML usually lives inside a chat message — copy/paste to share, no version history, no stable address. DropFast turns those artifacts into URLs the agent can hand back to the human (or to another agent in the next turn).
The fastest path: let the agent set itself up
Don't hand-roll HTTP tools. Point your agent at the
Agent quickstart → and paste the
self-setup prompt: it reads the API from /llms.txt, stores your key,
and writes its own DropFast skill so the publish → update → review
workflow persists across sessions. The Connect page →
has the same prompt per client (Claude Code, Cursor, Codex, Gemini CLI,
Junie).
A hosted MCP server is also live at https://dropfast.dev/api/mcp
(Streamable HTTP transport, Bearer auth) for clients that support remote
MCP servers; the registry manifest lives at
https://dropfast.dev/.well-known/mcp.json. First-party setup packages
are coming soon — until they ship, the REST API below and the self-setup
prompt are the way in.
Building your own tool surface (REST)
Not on the launch matrix, or want a hand-rolled integration?
- Add a publish tool that calls POST /api/v1/sites with the HTML the agent generated.
- Add an update tool that calls PUT /api/v1/sites/{slug} so the same URL evolves across turns.
- Surface the URL to the user in the agent's response. Persist the slug so future calls can reference it.
The endpoint surface is documented in detail in the REST API reference.
Auth is an Authorization: Bearer df_sk_... header (the legacy x-api-key
header is also accepted) — see Quickstart for
key creation.
Minimal publish tool (TypeScript)
```typescript
// Publishes agent-generated HTML as a new DropFast site and returns its URL and slug.
async function dropfastPublish(input: {
  html: string;
  name: string;
  accessMode?: 'public' | 'private' | 'password';
  password?: string;
  commentsEnabled?: boolean;
}): Promise<{ url: string; slug: string }> {
  // The HTML is uploaded as a multipart file part named index.html.
  const form = new FormData();
  form.set('file', new Blob([input.html], { type: 'text/html' }), 'index.html');
  form.set('name', input.name);
  if (input.accessMode) form.set('accessMode', input.accessMode);
  if (input.password) form.set('password', input.password);
  // Opt the new site into the inline comments overlay so a human can leave
  // structured feedback that the agent later reads via the get_comments
  // MCP tool (or `GET /api/v1/sites/<slug>/comments`).
  if (input.commentsEnabled) form.set('commentsEnabled', 'true');
  const res = await fetch('https://dropfast.dev/api/v1/sites', {
    method: 'POST',
    headers: { Authorization: `Bearer ${process.env.DROPFAST_API_KEY!}` },
    body: form,
  });
  // Failures come back in the JSON envelope as { success: false, error: { code, message } }.
  const json = await res.json();
  if (!json.success) throw new Error(`${json.error.code}: ${json.error.message}`);
  return { url: json.data.url, slug: json.data.slug };
}
```

Patterns that work well
- One slug per artifact, not per turn. Generate the slug on first publish, then PUT on every subsequent turn. The link the user holds always points at the latest version.
- private for scratch, public for share. Default new artifacts to private — agents are noisy, you don't want every intermediate plan leaking. Flip to public (or password) when the user asks to share.
- Echo the URL. Always include the URL in the agent's response text, not just as side-channel state. Humans look for the link.
Patterns to avoid
- Don't publish on every keystroke. Each POST allocates a new slug. Use PUT to update.
- Don't embed credentials in published HTML. Even in private mode, the bytes sit in S3. Treat the artifact like a public blog post.
- Don't lose the slug. Without it, you can't update — only re-publish, which gives the user a new URL.
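The guard below is an added example, not DropFast's own code: it puts three of the patterns above in front of the request (refuse HTML that contains credential-shaped strings, default new artifacts to private, PUT when a slug is already stored). Only the df_sk_ prefix and the two endpoints come from this page; the key and slug character sets, the other secret patterns and the function names are assumptions.

```typescript
type AccessMode = 'public' | 'private' | 'password';

// Credential shapes to refuse. Only the df_sk_ prefix comes from the page;
// the character class after it and the other patterns are assumptions.
const SECRET_PATTERNS: Array<[string, RegExp]> = [
  ['dropfast-api-key', /df_sk_[A-Za-z0-9_-]{8,}/],
  ['aws-access-key-id', /\bAKIA[0-9A-Z]{16}\b/],
  ['pem-private-key', /-----BEGIN [A-Z ]*PRIVATE KEY-----/],
  ['bearer-token', /\bBearer\s+[A-Za-z0-9._~+\/-]{20,}/],
];

// Constructed sample: agent output that accidentally inlines an API key.
const SAMPLE_LEAKY_HTML =
  '<script>const k = "df_sk_CONSTRUCTED_example_0000";</script>';

// Names of every pattern that matches the HTML about to be published.
function findSecrets(html: string): string[] {
  return SECRET_PATTERNS.filter(([, re]) => re.test(html)).map(([name]) => name);
}

interface PublishPlan {
  method: 'POST' | 'PUT';
  url: string;
  accessMode?: AccessMode;
}

// Decide the request without sending it: refuse on secrets, PUT when a slug
// is already stored for this artifact, otherwise POST with a private default.
function planPublish(html: string, savedSlug?: string, requested?: AccessMode): PublishPlan {
  const hits = findSecrets(html);
  if (hits.length > 0) throw new Error(`refusing to publish: ${hits.join(', ')}`);
  const base = 'https://dropfast.dev/api/v1/sites';
  if (savedSlug) {
    // Assumed slug alphabet; rejecting anything else keeps a corrupted or
    // attacker-influenced stored value from rewriting the request path.
    if (!/^[A-Za-z0-9_-]+$/.test(savedSlug)) throw new Error('unexpected slug format');
    return { method: 'PUT', url: `${base}/${savedSlug}` };
  }
  return { method: 'POST', url: base, accessMode: requested || 'private' };
}
```

Call planPublish before building the FormData, and send the request only if it returns.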
Deeper guides
- Agent quickstart → — connect over MCP, or have the agent write its own skill
- Handoff → — agent-to-human handoff patterns
- Prompts → — system prompts and tool definitions you can paste in