API Documentation
Complete API reference for secure file sharing with RFC 8188 encryption
๐ Overview
Base URL:
http://localhost:3001/api # Development
https://your-domain.com/api # ProductionAuthentication:
- Most endpoints are public but rate-limited
- Download endpoints require encryption key in header
- Admin endpoints have no authentication (add auth for production!)
๐ค Upload Endpoints
POST /upload
Upload an encrypted file with metadata. Rate limited to 10 uploads per 15 minutes per IP.
Request Body (multipart/form-data):
file- The encrypted file to uploadkey- 32-character hex-encoded encryption keysalt- 32-character hex-encoded saltretentionHours- Optional retention period (default: 24, max: 168)
Response (201):
{
"id": "uuid-string",
"downloadUrl": "/api/download/uuid-string",
"expiresAt": "2025-09-13T10:00:00.000Z"
}Error Responses:
400- Bad request (missing file, invalid params)413- File too large (>100MB default)429- Rate limit exceeded500- Upload failed
๐ฅ Download Endpoints
GET /download/{id}
Download and decrypt a file using the provided encryption key.
Headers:
x-encryption-key: 32-character-hex-keyAlternative Query Parameter:
GET /download/{id}?key=hex-encoded-keyResponse (200):
- Content-Type: Original file MIME type
- Content-Disposition:
attachment; filename="original-name.ext" - Body: Binary file data (decrypted)
GET /download/{id}/info
Get file metadata without downloading the actual file.
Response (200):
{
"filename": "document.pdf",
"size": 1048576,
"contentType": "application/pdf",
"uploadDate": "2025-09-12T10:00:00.000Z",
"expiresAt": "2025-09-13T10:00:00.000Z",
"downloadCount": 3
}โ๏ธ Admin Endpoints
GET /admin/stats
Retrieve current storage statistics and configuration.
Response (200):
{
"totalFiles": 150,
"totalSize": 524288000,
"expiredFiles": 12,
"config": {
"maxFileSize": 104857600,
"defaultRetentionHours": 24,
"maxRetentionHours": 168,
"allowedExtensions": null
}
}POST /admin/cleanup
Manually trigger cleanup of expired files.
Response (200):
{
"message": "Cleaned up 12 expired files",
"cleanedCount": 12
}GET /admin/config
Get current server configuration.
PUT /admin/config
Update server configuration (runtime only).
Request Body:
{
"defaultRetentionHours": 48,
"maxRetentionHours": 336,
"maxFileSize": 209715200
}๐ฅ Health Check
GET /health
Check service status and version.
Response (200):
{
"status": "ok",
"timestamp": "2025-09-12T10:00:00.000Z",
"version": "1.0.0"
}๐ Rate Limits
| Endpoint | Limit | Window |
|---|---|---|
POST /upload |
10 requests | 15 minutes |
| All other endpoints | 100 requests | 15 minutes |
| Download endpoints | No limit | - |
๐ Error Handling
All error responses follow this format:
{
"error": "Human-readable error message"
}Common HTTP Status Codes:
200- Success201- Created (upload success)400- Bad Request (invalid input)404- Not Found (file expired/missing)413- File Too Large429- Rate Limit Exceeded500- Internal Server Error
๐ Getting Started
Ready to start using the Whirlcrypt API? Check out:
- ๐ OpenAPI Specification - For code generation
- ๐งช Interactive Testing - Try the API live
- ๐ Source Code - Complete implementation