You need to send an API key to a colleague. Or share a temporary password. Or paste a config file with credentials. Email is insecure, Slack logs everything forever, and a shared doc means the content lives on long after you needed it. That's the problem burn after read solves.
What Is Burn After Read?
Burn after read (BAR) means the paste is deleted from the server the moment the first person opens it. It physically cannot be read twice. Not by the recipient, not by anyone who gets the link later, and not by us.
When to Use It
- Sharing temporary passwords or one-time tokens
- Sending API keys or secrets to a teammate
- Distributing config files during a deployment
- Any content you only want seen once
Combining Features
Burn after read pairs well with the other paste options in xpaste:
- Password protection — require a passphrase before the content is revealed
- Expiry time — auto-delete after 1 hour, 24 hours, or 7 days even if unread
- Syntax highlighting — still get code formatting even on a secret paste
- Private paste — never indexed, never publicly listed
bash
# Example: Create a burn-after-read paste via API
curl -X POST https://xpaste.io/api/v1/pastes \
-H "Authorization: Bearer xp_your_key" \
-H "Content-Type: application/json" \
-d '{
"content": "DB_PASSWORD=super_secret_123",
"burnAfterRead": true,
"isPublic": false,
"title": "Temp DB creds"
}'Always combine burn after read with a password when the content is truly sensitive. That way, only the intended recipient with the correct passphrase can view it.