XFileUltraXFileUltra
XFileUltraXFileUltra
Premium
Log inRegister

text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since 1966,

Info

  • Terms of service

  • News

  • Privacy Policy

  • API

Support

  • Contact Us

  • FAQ

  • Report abuse

Features

  • Premium

  • Affiliate program

  • Reseller

Copyright © 2026 Xfileultra.com

API

Versioned HTTP API for integrations. All v1 routes live under /api/v1 and use JSON or multipart responses. Generate a secret key from your account; keys are stored as a SHA-256 hash only.

Authentication

Send your key on every request (no browser cookies):

Authorization: Bearer <your-api-key>

Member API keys use scopes upload, file:read, and file:write. Reseller keys use reseller:codes. Rotate your key in the account dashboard to pick up new scopes; rotation revokes the previous key immediately.

Admin can disable the member API or reseller API modules in site settings — disabled modules return 403.

Limits & availability

  • Per-file and total storage limits follow site settings (same as the web uploader).
  • Member API requests are rate-limited per account + IP: upload, remote URL import, copy from public, read (list/metadata/download links), and write (delete, move, folders, metadata) each have separate hourly limits in admin settings.
  • Remote URL import requires the Remote URL upload mod; copy from public requires the Copy files mod.
  • Blocked executable types and risky extensions are rejected.
  • Upload and download may return 503 when site maintenance mode blocks those actions.

Member API endpoints

POST /api/v1/upload

Requires scope upload. Body: multipart/form-data with fields file (the bytes) and agree_tos (must be 1 or true to confirm acceptance of the Terms of Service). Returns JSON metadata for the new file (id, publicCode (12-character partner id), name, MIME type, size, status, timestamps).

curl -X POST "https://vfxstudio.co/api/v1/upload" \
  -H "Authorization: Bearer YOUR_KEY_HERE" \
  -F "agree_tos=1" \
  -F "file=@./document.pdf"

POST /api/v1/upload/from-url

Requires scope upload. The server fetches a public HTTP(S) URL and stores the file on your account (same rules as the web Remote URL uploader). Body: JSON with url (http or https, max 2048 chars) and agreeTos (must be true). Returns JSON metadata when the import completes. Large files may take several minutes; the request can run up to 30 minutes before timing out.

curl -X POST "https://vfxstudio.co/api/v1/upload/from-url" \
  -H "Authorization: Bearer YOUR_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{"url":"https://example.com/files/report.pdf","agreeTos":true}'

POST /api/v1/upload/copy-from-public

Requires scope upload. Copies a public file already hosted on this site into your account (same rules as the web Copy files uploader). Body: JSON with agreeTos (must be true) and either fileId (internal file id) or url (a public download link from this site, max 2048 chars). Password-protected or non-public files are rejected. Returns JSON metadata when the copy completes.

curl -X POST "https://vfxstudio.co/api/v1/upload/copy-from-public" \
  -H "Authorization: Bearer YOUR_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{"fileId":"FILE_ID_HERE","agreeTos":true}'

POST /api/v1/file/<id>/download

Requires scope file:read. Mints a short-lived direct download URL (/d/…) for a file you own. Use either internal id or publicCode in the path. The response is JSON with downloadUrl — open that URL to stream the file bytes (not returned inline by the API).

curl -X POST "https://vfxstudio.co/api/v1/file/PUBLIC_CODE/download" \
  -H "Authorization: Bearer YOUR_KEY_HERE"

GET /api/v1/file/<id-or-code>

Requires scope file:read. Returns JSON metadata for a file you own, including publicCode.

curl "https://vfxstudio.co/api/v1/file/PUBLIC_CODE" \
  -H "Authorization: Bearer YOUR_KEY_HERE"

POST /api/v1/upload/init · PUT …/upload/part · POST …/upload/complete

Requires scope upload. Chunked upload for large files: init returns fileId, chunkSize, and totalParts. Upload each part with PUT /upload/part?fileId=…&partIndex=0 (raw bytes body). Call complete with {"fileId":"…"} to merge parts. Init and complete count against the upload rate limit; part uploads use a separate API part limit (scaled from the upload setting, not the web UI upload limit).

GET /api/v1/files

Requires scope file:read. Lists active files and folders. Query: page, pageSize, q (search), parent (folder path), sort (createdAt, name, size, …), order (asc/desc).

curl "https://vfxstudio.co/api/v1/files?page=1&pageSize=30&sort=createdAt&order=desc" \
  -H "Authorization: Bearer YOUR_KEY_HERE"

GET /api/v1/files/trash

Requires scope file:read. Lists deleted items in recoverable trash. Supports page, per_page, q, sort_field, sort_order.

GET /api/v1/account/storage

Requires scope file:read. Returns usedBytes, maxBytes (or null if unlimited), activeFileCount, and activeFolderCount.

PATCH /api/v1/file/<id-or-code>

Requires scope file:write. Update metadata: isPublic, isPremium, originalName (rename), description, accessPassword / clearAccessPassword, parentPath or parentFolderId (move files; folders cannot be moved yet).

DELETE /api/v1/file/<id-or-code>

Requires scope file:write. Moves a file to trash (soft delete). Folders cannot be deleted with this endpoint — use bulk delete instead.

POST /api/v1/folders

Requires scope file:write. Body: {"name":"My folder","parentFolderId":"…"} or parentPath. Returns id and publicCode.

POST /api/v1/files/bulk-delete · POST …/bulk-move · POST …/trash/restore

Requires scope file:write. Bulk delete: {"ids":["…"]} (site limit from Admin → Settings → Mods → API, default 100; must be enabled there). When a folder id is included, all files and subfolders inside it are trashed as well. Bulk move: {"ids":["…"],"targetParentFolderId":"…"}. Restore: {"ids":["…"]} from trash.

Reseller API endpoints

Requires an approved reseller account and a key with scope reseller:codes. Manage keys under Account → Reseller. See also the reseller program page.

GET /api/v1/reseller/packages

Lists wholesale packages available for key generation.

curl "https://vfxstudio.co/api/v1/reseller/packages" \
  -H "Authorization: Bearer RESELLER_KEY_HERE"

GET /api/v1/reseller/codes

Lists premium keys you generated. Supports pagination and filters (page, perPage, status, code).

curl "https://vfxstudio.co/api/v1/reseller/codes?page=1&perPage=30" \
  -H "Authorization: Bearer RESELLER_KEY_HERE"

POST /api/v1/reseller/codes

Generates a new premium activation key. JSON body: {"packageKey":"..."}. Debits your reseller balance at wholesale cost.

curl -X POST "https://vfxstudio.co/api/v1/reseller/codes" \
  -H "Authorization: Bearer RESELLER_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{"packageKey":"premium_30d"}'

GET /api/v1/reseller/codes/<id-or-code>

Returns metadata for a single key you own.

curl "https://vfxstudio.co/api/v1/reseller/codes/CODE_HERE" \
  -H "Authorization: Bearer RESELLER_KEY_HERE"

Admin and member browser APIs remain separate; this page documents the public v1 key API only.