API

API reference

Customer-facing HTTP API for server-side integration. All routes live under the base URL below and authenticate with a Bearer API key. There is no public endpoint to list files — store fileId from the upload session or handle file.uploaded webhooks.

Base URL

base URL
https://api.reupload.dev/api/v1

Endpoints

MethodPathPermissionDescription
GET/public/whoamifiles.readKey metadata and allowed project IDs
POST/uploads/sessionfiles.writeCreate upload session + signed CDN PUT URL
POST/uploads/directfiles.writeServer multipart upload — one or more file parts; single-file response or { files: [...] } when 2+ files (202)
POST/uploads/completefiles.writeVerify object and enqueue processing (202)
GET/uploads/session/:uploadIdfiles.readPoll session status; when completed includes webhook-shaped file
DELETE/uploads/session/:uploadIdfiles.writeCancel pending session
GET/files/:fileIdfiles.readFile metadata (no storage key)
GET/files/:fileId/accessfiles.readSigned CDN download URL
DELETE/files/:fileIdfiles.deleteSoft-delete file and enqueue storage cleanup

The PUT to uploadUrl is not a Reupload API route — clients upload bytes directly to your CDN worker. See Client-side uploads.

POST /uploads/direct and POST /uploads/complete return 202 with status: "processing" even though storage already has the bytes. Final path, url, and sizeBytes arrive via webhook or after polling — see Why 202 + processing?.

Permissions

PermissionGrants
files.readwhoami, get session, get file, get access URL
files.writecreate session, complete upload, cancel session
files.deletedelete completed file

Keys are scoped to a workspace and either all projects or a subset. Session create requires the body projectId to be in that scope. Details: Authentication.

Limits and quotas

Defaults below; your workspace plan may differ in the dashboard.

LimitTypical value
Max file size50 MB (52,428,800 bytes)
Session / presigned URL TTL300 seconds
Upload sessions per minute (API key)10 / 30 / 60 (free / starter / pro)
Pending sessions per project20 / 50 / 100
Monthly billing quotaCompleted uploads only (500 / 5k / 50k)
Monthly upload attempts (anti-abuse)3× monthly upload limit
Private download token (expiresIn)60–604800 seconds (7 days max; default 300)

Failed or cancelled sessions do not count toward the monthly completed upload quota. See Errors for QUOTA_EXCEEDED and UPLOAD_ABUSE_DETECTED.

Supported file types

Every upload needs a filename with a supported extension. The contentType you send must match that extension (for example, report.pdf with application/pdf).

  • Images

    JPEG (.jpg, .jpeg) · PNG (.png) · WebP (.webp) · GIF (.gif) · SVG (.svg) · AVIF (.avif) · HEIC / HEIF (.heic, .heif) · BMP (.bmp) · ICO (.ico)

  • Documents

    PDF (.pdf) · Word (.doc, .docx) · Excel (.xls, .xlsx) · PowerPoint (.ppt, .pptx) · RTF (.rtf) · OpenDocument (.odt, .ods, .odp) · EPUB (.epub) · Plain text (.txt) · Markdown (.md, .markdown)

  • Data

    CSV (.csv) · TSV (.tsv) · JSON (.json) · XML (.xml) · YAML (.yaml, .yml) · Parquet (.parquet)

  • Developer

    SQL (.sql) · Log (.log) · Env (.env)

  • Video

    MP4 (.mp4, .m4v) · WebM (.webm) · QuickTime (.mov) · AVI (.avi) · MKV (.mkv) · Ogg Video (.ogv) · MPEG (.mpeg, .mpg) · MPEG-TS (.ts) · 3GP (.3gp)

  • Audio

    MP3 (.mp3) · M4A (.m4a) · AAC (.aac) · WAV (.wav) · FLAC (.flac) · Ogg / Opus (.ogg, .opus, .oga) · WebM audio (.weba) · MIDI (.mid, .midi) · AIFF (.aiff, .aif)

  • Archives

    ZIP (.zip, .zipx) · RAR (.rar) · 7-Zip (.7z) · Tarball (.tar, .gz, .tgz) · Bzip2 (.bz2) · XZ (.xz) · ISO (.iso) · Apple disk image (.dmg)

  • Fonts

    TTF (.ttf) · OTF (.otf) · WOFF (.woff) · WOFF2 (.woff2)

  • Design

    Photoshop (.psd) · Illustrator (.ai) · Sketch (.sketch) · Figma (.fig)

  • 3D

    GLB (.glb) · glTF (.gltf) · OBJ (.obj) · FBX (.fbx) · STL (.stl)

Requests with an unsupported type or a contentType that does not match the filename extension return VALIDATION_ERROR (400). See Errors.

Integration checklist

  1. Create API key with required permissions in the dashboard.
  2. Call GET /public/whoami and confirm projects includes your target project.
  3. Server: POST /uploads/session → return uploadUrl + uploadId to client.
  4. Client: PUT file to uploadUrl (see Browser uploads for CORS).
  5. Server: POST /uploads/complete → poll session or webhook.
  6. Serve downloads via GET /files/:fileId/access or public CDN URL from webhooks when isPublic.

Not in the public API

  • List or search files (dashboard only)
  • Rename, move, or toggle public flag (dashboard only)
  • Register webhooks (dashboard only)
  • Workspace, team, billing, folders management