API
API reference
Customer-facing HTTP API for server-side integration. All routes live under the base URL below and authenticate with a Bearer API key. There is no public endpoint to list files — store fileId from the upload session or handle file.uploaded webhooks.
Base URL
https://api.reupload.dev/api/v1Endpoints
| Method | Path | Permission | Description |
|---|---|---|---|
GET | /public/whoami | files.read | Key metadata and allowed project IDs |
POST | /uploads/session | files.write | Create upload session + signed CDN PUT URL |
POST | /uploads/direct | files.write | Server multipart upload — one or more file parts; single-file response or { files: [...] } when 2+ files (202) |
POST | /uploads/complete | files.write | Verify object and enqueue processing (202) |
GET | /uploads/session/:uploadId | files.read | Poll session status; when completed includes webhook-shaped file |
DELETE | /uploads/session/:uploadId | files.write | Cancel pending session |
GET | /files/:fileId | files.read | File metadata (no storage key) |
GET | /files/:fileId/access | files.read | Signed CDN download URL |
DELETE | /files/:fileId | files.delete | Soft-delete file and enqueue storage cleanup |
The PUT to uploadUrl is not a Reupload API route — clients upload bytes directly to your CDN worker. See Client-side uploads.
POST /uploads/direct and POST /uploads/complete return 202 with status: "processing" even though storage already has the bytes. Final path, url, and sizeBytes arrive via webhook or after polling — see Why 202 + processing?.
Permissions
| Permission | Grants |
|---|---|
files.read | whoami, get session, get file, get access URL |
files.write | create session, complete upload, cancel session |
files.delete | delete completed file |
Keys are scoped to a workspace and either all projects or a subset. Session create requires the body projectId to be in that scope. Details: Authentication.
Limits and quotas
Defaults below; your workspace plan may differ in the dashboard.
| Limit | Typical value |
|---|---|
| Max file size | 50 MB (52,428,800 bytes) |
| Session / presigned URL TTL | 300 seconds |
| Upload sessions per minute (API key) | 10 / 30 / 60 (free / starter / pro) |
| Pending sessions per project | 20 / 50 / 100 |
| Monthly billing quota | Completed uploads only (500 / 5k / 50k) |
| Monthly upload attempts (anti-abuse) | 3× monthly upload limit |
Private download token (expiresIn) | 60–604800 seconds (7 days max; default 300) |
Failed or cancelled sessions do not count toward the monthly completed upload quota. See Errors for QUOTA_EXCEEDED and UPLOAD_ABUSE_DETECTED.
Supported file types
Every upload needs a filename with a supported extension. The contentType you send must match that extension (for example, report.pdf with application/pdf).
Images
JPEG (.jpg, .jpeg) · PNG (.png) · WebP (.webp) · GIF (.gif) · SVG (.svg) · AVIF (.avif) · HEIC / HEIF (.heic, .heif) · BMP (.bmp) · ICO (.ico)
Documents
PDF (.pdf) · Word (.doc, .docx) · Excel (.xls, .xlsx) · PowerPoint (.ppt, .pptx) · RTF (.rtf) · OpenDocument (.odt, .ods, .odp) · EPUB (.epub) · Plain text (.txt) · Markdown (.md, .markdown)
Data
CSV (.csv) · TSV (.tsv) · JSON (.json) · XML (.xml) · YAML (.yaml, .yml) · Parquet (.parquet)
Developer
SQL (.sql) · Log (.log) · Env (.env)
Video
MP4 (.mp4, .m4v) · WebM (.webm) · QuickTime (.mov) · AVI (.avi) · MKV (.mkv) · Ogg Video (.ogv) · MPEG (.mpeg, .mpg) · MPEG-TS (.ts) · 3GP (.3gp)
Audio
MP3 (.mp3) · M4A (.m4a) · AAC (.aac) · WAV (.wav) · FLAC (.flac) · Ogg / Opus (.ogg, .opus, .oga) · WebM audio (.weba) · MIDI (.mid, .midi) · AIFF (.aiff, .aif)
Archives
ZIP (.zip, .zipx) · RAR (.rar) · 7-Zip (.7z) · Tarball (.tar, .gz, .tgz) · Bzip2 (.bz2) · XZ (.xz) · ISO (.iso) · Apple disk image (.dmg)
Fonts
TTF (.ttf) · OTF (.otf) · WOFF (.woff) · WOFF2 (.woff2)
Design
Photoshop (.psd) · Illustrator (.ai) · Sketch (.sketch) · Figma (.fig)
3D
GLB (.glb) · glTF (.gltf) · OBJ (.obj) · FBX (.fbx) · STL (.stl)
Requests with an unsupported type or a contentType that does not match the filename extension return VALIDATION_ERROR (400). See Errors.
Integration checklist
- Create API key with required permissions in the dashboard.
- Call
GET /public/whoamiand confirmprojectsincludes your target project. - Server:
POST /uploads/session→ returnuploadUrl+uploadIdto client. - Client: PUT file to
uploadUrl(see Browser uploads for CORS). - Server:
POST /uploads/complete→ poll session or webhook. - Serve downloads via
GET /files/:fileId/accessor public CDN URL from webhooks whenisPublic.
Not in the public API
- List or search files (dashboard only)
- Rename, move, or toggle public flag (dashboard only)
- Register webhooks (dashboard only)
- Workspace, team, billing, folders management