Secure file transfer API

Doc's is outdated. We are currently working on new documentation. Sorry for the inconvenience. API lets you send, list and download encrypted files through a simple, structured Application Programming Interface (API).

Our friendly build-in API lets you manage your data securely and an easy way, so let’s get started!


Let's get started #

  1. Learn how to generate your first API token and authenticate to API.
  2. Upload you first file.
  3. Send secured file to client.


API endpoints #

All API endpoints are located in From there on, you will find a logical structure that fits to the REST standards.

Here's a quick summary of the API methods.

  • GET: all GET requests are for data listing, for example to list files or messages in your inbox.
  • POST: a POST method is used to add a new data to applications, like files or messages.
  • DELETE: the DELETE method is used to delete specific data from your account.
  • PATCH: this method is used to update information.


Response data #

The only format API support is JSON. Here's an example payload of the /api/files endpoint.

	"data": [
			"id": "fad2027a-ac89-4ef4-baab-95b2fb316cf1",
			"filename": "some_file_name",
			// ...
			"id": "5f6f4b50-ddd0-46b9-b9f3-8a6ef3395aa3",
			"filename": "payment",

			// ...

Each endpoint will return specific data for that request.


Request Rate Limiting #

We do enforce a small amount of rate limiting. Our current limits are 300 requests every 1 minute and are limited by IP address.

You can use the X-RateLimit headers that get returned with every request to keep track of your current limits. If you exceed the limit, you will receive a 429 HTTP status. As soon as your cool down period expires, you are free to continue making requests.

Here's an example of what the headers look like on a rate limited request:

HTTP/1.1 200 OK
Date: Thu, 16 May 2019 07:52:21 GMT
Server: Apache/2.4.29 (Ubuntu)
Vary: Authorization
Cache-Control: public, max-age=28800
X-RateLimit-Limit: 300
X-RateLimit-Remaining: 299
x-robots-tag: none
Access-Control-Allow-Origin: *
Content-Type: application/json