# dropkit

File uploads for your app. Three lines. Downloads are always free.

- API base: https://api.dropkit.app
- Dashboard: https://dash.dropkit.app
- CDN base: https://cdn.dropkit.app
- SDK: @dropkit/upload (npm)
- React: @dropkit/react
- Svelte: @dropkit/svelte
- Docs: https://dropkit.app/docs

## Auth

API keys. Two kinds:

- pk_live_... (public): safe in the browser. Gate with origin allowlist per project.
- sk_live_... (secret): server-only. Required to delete files.

Header: `Authorization: Bearer <key>`

## Endpoints

All respond as `{ data, error }` (error is { code, message, fix? }).

- POST https://api.dropkit.app/v1/uploads/sign { name, size, mime, metadata? }
  Returns { fileId, uploadUrl, uploadHeaders, publicUrl, expiresAt }

- POST https://api.dropkit.app/v1/uploads/:fileId/complete
  Returns { file, publicUrl }

- GET https://api.dropkit.app/v1/files/:fileId
  Returns { id, name, mime, size, createdAt, status, url, metadata? }

- DELETE https://api.dropkit.app/v1/files/:fileId  (requires sk_live_)
  Returns 204.

- GET https://api.dropkit.app/v1/usage
  Returns { days: [{ projectId, date, storageBytes, uploads, downloads }] }

## Upload flow

1. Browser POSTs to https://api.dropkit.app/v1/uploads/sign with the public key.
2. Server returns uploadUrl (presigned PUT), fileId, publicUrl.
3. Browser PUTs the file directly to uploadUrl.
4. Browser POSTs /v1/uploads/:fileId/complete.
5. File is served from publicUrl.

## SDK quickstart

```ts
import { upload } from '@dropkit/upload';

const { data, error } = await upload(file, { key: 'pk_live_...' });
if (error) throw new Error(error.message);
console.log(data.url);
```

## CLI

`DROPKIT_KEY=pk_live_... npx @dropkit/upload ./photo.jpg`

## Image transforms

Append query params to the CDN URL:

`https://cdn.dropkit.app/:id?w=400&h=300&format=webp&q=80&fit=cover`

Supported: w, h, q (1-100), format (webp, avif, jpeg, png), fit (cover, contain, scale-down).