Create an injectable

Create a new injectable under a project.

An injectable is a unit of payload DevPayr can later deliver to your SDK/runtime (for example: a script snippet, config JSON, or a file-based payload), based on your project rules.

---

Endpoint

POST /project/{project}/injectables

Full URL:

https://api.devpayr.dev/api/v1/project/{project}/injectables

---

Authentication

✅ Required: API Key

X-API-KEY: <your_api_key>

---

Content Type

This endpoint accepts multipart/form-data because you may optionally upload a file.

• If type = file → send a file

• Otherwise → send content as text

---

Path Parameters

Parameter	Type	Required	Description
project	integer	Yes	The ID of the project to attach the injectable to.

Request Fields

Required fields (always)

Field	Type	Required	Description
type	string	Yes	The injectable type. See allowed values below.
mode	string	Yes	How the injectable should be applied. See allowed values below.
target_path	string	Yes	The destination path this injectable targets.
secret	string	Yes	A secret used to protect the injectable payload. Must be at least 8 characters.
only_if_paid	boolean	Yes	If true, the injectable should only apply when the project is marked as paid.
is_active	boolean	Yes	Whether this injectable is enabled.

Optional fields

Field	Type	Required	Description
title	string	No	Human-friendly name.
slug	string	No	Unique identifier within the project. If omitted, DevPayr generates one.
validate_endpoint	string (url)	No	Optional URL your SDK/runtime may call to check whether to apply the injectable.

Payload fields (choose one)

Field	Type	Required	When
content	string	Yes	Required unless type = file
file	file (binary)	Yes	Required if type = file (max 5MB)

Allowed values

type allowed values

file, snippet, html, script, component, config, json, markdown, css, include, sdk_module, docs, template

mode allowed values

inject, write, replace, symlink, append, prepend, mount, inline_render, stream

Example Requests

Content-based injectable

curl -X POST "https://api.devpayr.dev/api/v1/project/2/injectables" \
  -H "X-API-KEY: YOUR_API_KEY" \
  -H "Accept: application/json" \
  -F "title=Checkout Modal" \
  -F "slug=checkout-modal" \
  -F "type=snippet" \
  -F "mode=inject" \
  -F "target_path=resources/js/checkout.js" \
  -F "validate_endpoint=https://yourapp.com/sdk-check" \
  -F "secret=sk_test_abc123xyz" \
  -F "content=window.alert('Hi');" \
  -F "only_if_paid=true" \
  -F "is_active=true"

File -base injectable

Response

Validation Rules

• file is required only when type = file (max size 5MB).

• content is required when type != file.

• secret must be at least 8 characters.

• slug must be unique within the project.

Common Errors

Unauthorized / wrong project access (403)

{ "message": "This API key does not have access to this project." }

{ "message": "This API key does not belong to the owner of this project." }

Validation failed (422)

Example cases:

• missing content for non-file injectables

• missing file for file injectables

• invalid type or mode

• file too large

• duplicate slug in the same project

Typical response:

{
  "message": "The given data was invalid.",
  "errors": {
    "slug": ["An injectable with this slug already exists for the project."]
  }
}

Rate limited (429)

{ "message": "Too many requests. Please slow down." }