API

Files

Read and delete completed files with an API key. Create files via the Uploads API. There is no public list endpoint — persist fileId from the session response or webhooks.

Get metadata

GET /files/:fileId — requires files.read. Returns metadata only (no storage object key).

Response

file metadata
{
  "file": {
    "id": "uuid",
    "workspaceId": "uuid",
    "projectId": "uuid",
    "name": "report.pdf",
    "originalName": "docs/report.pdf",
    "mimeType": "application/pdf",
    "sizeBytes": 502400,
    "category": "document",
    "isPublic": false,
    "publicUrl": null,
    "uploadedVia": "api",
    "createdAt": "2026-05-20T14:31:00.000Z",
    "updatedAt": "2026-05-20T14:31:00.000Z"
  }
}

When isPublic is true, publicUrl is a permanent CDN link you can embed without calling /access again.

category is one of image, document, video, audio, archive, other. uploadedVia is api or dashboard when known.

Request
curl -s 'https://api.reupload.dev/api/v1/files/00000000-0000-4000-8000-000000000003' \
  -H 'Authorization: Bearer ru_your_api_key_here'

Access URLs

GET /files/:fileId/access — requires files.read. Returns a time-limited signed CDN URL; storage provider hostnames never appear in responses.

  • Public files (isPublic: true) — accessType: "cdn_public", stable CDN URL at /public/{projectId}/{fileId}/{filename}, expiresIn: null
  • Private filesaccessType: "cdn", default 300s, configurable 60–604800s (7 days max) via query

Query parameters

ParamDefaultDescription
expiresIn300CDN download token lifetime in seconds (60–604800). Ignored for public files.
downloadfalseSet to true for Content-Disposition: attachment.

Example responses

Public file:

public access
{
  "access": {
    "url": "https://cdn.reupload.dev/public/{projectId}/{fileId}/report.pdf",
    "accessType": "cdn_public",
    "expiresIn": null,
    "download": false
  }
}

Private file:

private access
{
  "access": {
    "url": "https://cdn.reupload.dev/v1/download/eyJ2Ijox...",
    "accessType": "cdn",
    "expiresIn": 300,
    "download": false
  }
}

Download tokens are bound to the file ID in the object key. Do not cache private URLs beyond their TTL. Public URLs are stable and do not expire.

Request
curl -s 'https://api.reupload.dev/api/v1/files/00000000-0000-4000-8000-000000000003/access?expiresIn=3600&download=false' \
  -H 'Authorization: Bearer ru_your_api_key_here'

Delete

DELETE /files/:fileId — requires files.delete. Soft-deletes the record and enqueues storage cleanup asynchronously.

JSON
{ "success": true }

Public vs private

Set isPublic: true when creating an upload session or on direct multipart upload to enable a public CDN link after processing. You can also toggle public access later via the dashboard. Webhooks include url when the file is public; otherwise use the access endpoint.