POST /v1/upload

One request, one file, one URL back. Use this from shell scripts, servers, or any environment that doesn’t need progress bars or resumable uploads.

For uploads from the browser, or any file over 100 MiB, use the SDK which handles the sign + PUT + complete flow with progress events.

Request

POST https://api.dropkit.app/v1/upload
Authorization: Bearer sk_live_...

Body: multipart

curl -X POST https://api.dropkit.app/v1/upload \
  -H "authorization: Bearer sk_live_..." \
  -F "file=@photo.jpg"

The multipart field name must be file. The file’s Content-Type and filename are read from the multipart headers.

Body: raw binary

curl -X POST https://api.dropkit.app/v1/upload \
  -H "authorization: Bearer sk_live_..." \
  -H "content-type: image/jpeg" \
  -H "x-filename: photo.jpg" \
  --data-binary @photo.jpg

The request’s Content-Type is stored as the file’s mime. X-Filename sets the display name; defaults to upload.

Response

{
  "id": "ggdhhwrfarqp",
  "url": "https://cdn.dropkit.app/ggdhhwrfarqp",
  "name": "photo.jpg",
  "size": 283910,
  "type": "image/jpeg"
}

Status 201. The URL is immediately live.

Auth

Use a server key (sk_live_...). You can also use a browser key (pk_live_...) but origin restrictions and rate limits apply as usual.

Limits

100 MiB per request. Cloudflare Workers cap request bodies at this size. Larger files must use the SDK sign flow.
Per-plan cap on the sign flow: 100 MB on Free, 5 GiB on paid plans.

Errors

HTTP	code	meaning
401	`missing_auth`	No Authorization header
401	`invalid_key`	Key not recognized
403	`origin_not_allowed`	Browser key origin not on the allowlist
400	`missing_file`	No `file` part in multipart body
400	`empty_body`	Request body is empty
413	`too_large`	Body exceeds 100 MiB