API
Files
Read and delete completed files with an API key. Create files via the Uploads API. There is no public list endpoint — persist fileId from the session response or webhooks.
Get metadata
GET /files/:fileId — requires files.read. Returns metadata only (no storage object key).
Response
{
"file": {
"id": "uuid",
"workspaceId": "uuid",
"projectId": "uuid",
"name": "report.pdf",
"originalName": "docs/report.pdf",
"mimeType": "application/pdf",
"sizeBytes": 502400,
"category": "document",
"isPublic": false,
"publicUrl": null,
"uploadedVia": "api",
"createdAt": "2026-05-20T14:31:00.000Z",
"updatedAt": "2026-05-20T14:31:00.000Z"
}
}When isPublic is true, publicUrl is a permanent CDN link you can embed without calling /access again.
category is one of image, document, video, audio, archive, other. uploadedVia is api or dashboard when known.
curl -s 'https://api.reupload.dev/api/v1/files/00000000-0000-4000-8000-000000000003' \
-H 'Authorization: Bearer ru_your_api_key_here'Access URLs
GET /files/:fileId/access — requires files.read. Returns a time-limited signed CDN URL; storage provider hostnames never appear in responses.
- Public files (
isPublic: true) —accessType: "cdn_public", stable CDN URL at/public/{projectId}/{fileId}/{filename},expiresIn: null - Private files —
accessType: "cdn", default 300s, configurable 60–604800s (7 days max) via query
Query parameters
| Param | Default | Description |
|---|---|---|
expiresIn | 300 | CDN download token lifetime in seconds (60–604800). Ignored for public files. |
download | false | Set to true for Content-Disposition: attachment. |
Example responses
Public file:
{
"access": {
"url": "https://cdn.reupload.dev/public/{projectId}/{fileId}/report.pdf",
"accessType": "cdn_public",
"expiresIn": null,
"download": false
}
}Private file:
{
"access": {
"url": "https://cdn.reupload.dev/v1/download/eyJ2Ijox...",
"accessType": "cdn",
"expiresIn": 300,
"download": false
}
}Download tokens are bound to the file ID in the object key. Do not cache private URLs beyond their TTL. Public URLs are stable and do not expire.
curl -s 'https://api.reupload.dev/api/v1/files/00000000-0000-4000-8000-000000000003/access?expiresIn=3600&download=false' \
-H 'Authorization: Bearer ru_your_api_key_here'Delete
DELETE /files/:fileId — requires files.delete. Soft-deletes the record and enqueues storage cleanup asynchronously.
{ "success": true }Public vs private
Set isPublic: true when creating an upload session or on direct multipart upload to enable a public CDN link after processing. You can also toggle public access later via the dashboard. Webhooks include url when the file is public; otherwise use the access endpoint.