Versioned HTTP API for integrations. All v1 routes live under /api/v1 and use JSON or multipart responses. Generate a secret key from your account; keys are stored as a SHA-256 hash only.
Send your key on every request (no browser cookies):
Authorization: Bearer <your-api-key>
Member API keys use scopes upload, file:read, and file:write. Reseller keys use reseller:codes. Rotate your key in the account dashboard to pick up new scopes; rotation revokes the previous key immediately.
Admin can disable the member API or reseller API modules in site settings — disabled modules return 403.
503 when site maintenance mode blocks those actions.POST /api/v1/uploadRequires scope upload. Body: multipart/form-data with fields file (the bytes) and agree_tos (must be 1 or true to confirm acceptance of the Terms of Service). Returns JSON metadata for the new file (id, publicCode (12-character partner id), name, MIME type, size, status, timestamps).
curl -X POST "https://vfxstudio.co/api/v1/upload" \ -H "Authorization: Bearer YOUR_KEY_HERE" \ -F "agree_tos=1" \ -F "file=@./document.pdf"
POST /api/v1/upload/from-urlRequires scope upload. The server fetches a public HTTP(S) URL and stores the file on your account (same rules as the web Remote URL uploader). Body: JSON with url (http or https, max 2048 chars) and agreeTos (must be true). Returns JSON metadata when the import completes. Large files may take several minutes; the request can run up to 30 minutes before timing out.
curl -X POST "https://vfxstudio.co/api/v1/upload/from-url" \
-H "Authorization: Bearer YOUR_KEY_HERE" \
-H "Content-Type: application/json" \
-d '{"url":"https://example.com/files/report.pdf","agreeTos":true}'POST /api/v1/upload/copy-from-publicRequires scope upload. Copies a public file already hosted on this site into your account (same rules as the web Copy files uploader). Body: JSON with agreeTos (must be true) and either fileId (internal file id) or url (a public download link from this site, max 2048 chars). Password-protected or non-public files are rejected. Returns JSON metadata when the copy completes.
curl -X POST "https://vfxstudio.co/api/v1/upload/copy-from-public" \
-H "Authorization: Bearer YOUR_KEY_HERE" \
-H "Content-Type: application/json" \
-d '{"fileId":"FILE_ID_HERE","agreeTos":true}'POST /api/v1/file/<id>/downloadRequires scope file:read. Mints a short-lived direct download URL (/d/…) for a file you own. Use either internal id or publicCode in the path. The response is JSON with downloadUrl — open that URL to stream the file bytes (not returned inline by the API).
curl -X POST "https://vfxstudio.co/api/v1/file/PUBLIC_CODE/download" \ -H "Authorization: Bearer YOUR_KEY_HERE"
GET /api/v1/file/<id-or-code>Requires scope file:read. Returns JSON metadata for a file you own, including publicCode.
curl "https://vfxstudio.co/api/v1/file/PUBLIC_CODE" \ -H "Authorization: Bearer YOUR_KEY_HERE"
POST /api/v1/upload/init · PUT …/upload/part · POST …/upload/completeRequires scope upload. Chunked upload for large files: init returns fileId, chunkSize, and totalParts. Upload each part with PUT /upload/part?fileId=…&partIndex=0 (raw bytes body). Call complete with {"fileId":"…"} to merge parts. Init and complete count against the upload rate limit; part uploads use a separate API part limit (scaled from the upload setting, not the web UI upload limit).
GET /api/v1/filesRequires scope file:read. Lists active files and folders. Query: page, pageSize, q (search), parent (folder path), sort (createdAt, name, size, …), order (asc/desc).
curl "https://vfxstudio.co/api/v1/files?page=1&pageSize=30&sort=createdAt&order=desc" \ -H "Authorization: Bearer YOUR_KEY_HERE"
GET /api/v1/files/trashRequires scope file:read. Lists deleted items in recoverable trash. Supports page, per_page, q, sort_field, sort_order.
GET /api/v1/account/storageRequires scope file:read. Returns usedBytes, maxBytes (or null if unlimited), activeFileCount, and activeFolderCount.
PATCH /api/v1/file/<id-or-code>Requires scope file:write. Update metadata: isPublic, isPremium, originalName (rename), description, accessPassword / clearAccessPassword, parentPath or parentFolderId (move files; folders cannot be moved yet).
DELETE /api/v1/file/<id-or-code>Requires scope file:write. Moves a file to trash (soft delete). Folders cannot be deleted with this endpoint — use bulk delete instead.
POST /api/v1/foldersRequires scope file:write. Body: {"name":"My folder","parentFolderId":"…"} or parentPath. Returns id and publicCode.
POST /api/v1/files/bulk-delete · POST …/bulk-move · POST …/trash/restoreRequires scope file:write. Bulk delete: {"ids":["…"]} (site limit from Admin → Settings → Mods → API, default 100; must be enabled there). When a folder id is included, all files and subfolders inside it are trashed as well. Bulk move: {"ids":["…"],"targetParentFolderId":"…"}. Restore: {"ids":["…"]} from trash.
Requires an approved reseller account and a key with scope reseller:codes. Manage keys under Account → Reseller. See also the reseller program page.
GET /api/v1/reseller/packagesLists wholesale packages available for key generation.
curl "https://vfxstudio.co/api/v1/reseller/packages" \ -H "Authorization: Bearer RESELLER_KEY_HERE"
GET /api/v1/reseller/codesLists premium keys you generated. Supports pagination and filters (page, perPage, status, code).
curl "https://vfxstudio.co/api/v1/reseller/codes?page=1&perPage=30" \ -H "Authorization: Bearer RESELLER_KEY_HERE"
POST /api/v1/reseller/codesGenerates a new premium activation key. JSON body: {"packageKey":"..."}. Debits your reseller balance at wholesale cost.
curl -X POST "https://vfxstudio.co/api/v1/reseller/codes" \
-H "Authorization: Bearer RESELLER_KEY_HERE" \
-H "Content-Type: application/json" \
-d '{"packageKey":"premium_30d"}'GET /api/v1/reseller/codes/<id-or-code>Returns metadata for a single key you own.
curl "https://vfxstudio.co/api/v1/reseller/codes/CODE_HERE" \ -H "Authorization: Bearer RESELLER_KEY_HERE"
Admin and member browser APIs remain separate; this page documents the public v1 key API only.