Developer API

Base URL: https://tempfile.org/api

Overview

Our REST API enables developers to integrate temporary file hosting into their applications. Upload files programmatically, get instant download URLs, and leverage automatic deletion for secure temporary storage.

1. Upload Local File

Endpoint: POST /api/upload/local

Content-Type: multipart/form-data

Parameters

• files - File(s) to upload (required)
• expiryHours - Hours until deletion: 1, 6, 24, or 48 (default: 1)

Example Request

curl -X POST https://tempfile.org/api/upload/local \
  -F "[email protected]" \
  -F "expiryHours=24"

Response

{
  "success": true,
  "files": [
    {
      "id": "file_1725187234567_abc123def",
      "name": "document.pdf",
      "size": 2048576,
      "url": "https://tempfile.org/file_1725187234567_abc123def/",
      "expiryTime": 1725273634567
    }
  ],
  "message": "1 file(s) uploaded successfully"
}

2. Upload from URL

Endpoint: POST /api/upload/url

Content-Type: application/json

Parameters

• url - Source URL to download (required)
• customName - Custom filename (optional)
• expiryHours - Hours until deletion: 1, 6, 24, or 48 (default: 1)

Example Request

curl -X POST https://tempfile.org/api/upload/url \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://example.com/image.jpg",
    "customName": "my-image.jpg",
    "expiryHours": 6
  }'

Response

{
  "success": true,
  "file": {
    "id": "file_1725187234567_xyz789abc",
    "name": "my-image.jpg",
    "size": 1024000,
    "url": "https://tempfile.org/file_1725187234567_xyz789abc/",
    "expiryTime": 1725208834567
  }
}

3. Get File Information

Endpoint: GET /api/file/{fileId}

Example Request

curl https://tempfile.org/api/file/file_1725187234567_abc123de

Response

{
  "success": true,
  "file": {
    "id": "file_1725187234567_abc123def",
    "name": "document.pdf",
    "size": 2048576,
    "mimeType": "application/pdf",
    "uploadTime": 1725187234567,
    "expiryTime": 1725273634567,
    "exists": true,
    "downloadUrl": "/file_1725187234567_abc123de/download",
    "security": {
    - `hasWarning` (boolean): Whether file triggered security alerts
    - `warningLevel` (string): Risk level - "none", "low", "medium", "high"
    - `warningMessage` (string): Human-readable warning description
    - `suspiciousPatterns` (array): Detected patterns (e.g., [".exe", "eval("])
    }
  }
}

4. Get File Security Information

Endpoint: GET /api/file/{fileId}/security

Returns detailed security analysis including risk assessment, detected patterns, and safety recommendations.

Example Request

curl https://tempfile.org/api/file/file_1725187234567_abc123de/security

Response

{
      "success": true,
      "security": {
        "fileId": "file_1725187234567_abc123de",
        "fileName": "project-build.zip",
        "mimeType": "application/x-zip-compressed",
        
        "hasWarning": true,
        "suspiciousPatterns": [".exe", ".bat"],
        
        "hash": "a1b2c3d4e5f6789...",
        "size": 127133,
        
        "uploadType": "local",
        "uploadTime": 1725187234567,
        "clientIP": "172.71.130.xxx",
        
        "riskLevel": "medium",
        "recommendations": [
          "Scan file with antivirus before opening",
          "Verify file source is trustworthy",
          "Open in isolated/sandboxed environment if possible",
          "Extract archive in secure location and inspect contents before execution"
        ]
      }
    }

Security Fields

• hasWarning (boolean): Whether file triggered security alerts
• suspiciousPatterns (array): Detected patterns like [".exe", "eval(", "shell_exec"]
• riskLevel (string): Overall risk assessment - "safe", "low", "medium", "high", or "unknown"
• recommendations (array): Safety recommendations based on detected patterns
• hash (string): SHA-256 hash for file integrity verification

Risk Levels

Level	Description	Example Patterns
safe	No security warnings detected	Clean files like images, PDFs, documents
low	Common development patterns	eval(), exec() in scripts
medium	Contains executable files	.exe, .bat, .cmd in archives
high	Potentially dangerous content	vbscript:, shell_exec, root exploits
unknown	Warning exists but pattern unclear	Unclassified suspicious patterns

Best Practices for API Consumers

• Check warnings before download: Always inspect hasWarning and riskLevel
• Display warnings to users: Show recommendations array to end users
• Log suspicious downloads: Track files with riskLevel of "medium" or "high"
• Implement client-side scanning: Add additional antivirus checks for high-risk files
• Verify file integrity: Compare hash after download to detect tampering

Example: Handling Security Warnings in Code

// JavaScript example
    async function downloadFile(fileId) {
      // Get security info first
      const securityResponse = await fetch(`/api/file/${fileId}/security`);
      const securityData = await securityResponse.json();
      
      if (!securityData.success) {
        console.error('Failed to get security info');
        return;
      }
      
      const { riskLevel, recommendations, hasWarning } = securityData.security;
      
      // Warn user if file has security concerns
      if (hasWarning) {
        const proceed = confirm(
          `Security Warning (${riskLevel.toUpperCase()} risk):\n\n` +
          recommendations.join('\n') +
          '\n\nDo you want to proceed with download?'
        );
        
        if (!proceed) return;
      }
      
      // Proceed with download
      window.location.href = `/api/file/${fileId}/download`;
    }

5. Delete File

Endpoint: DELETE /api/file/{fileId}

Example Request

curl -X DELETE https://tempfile.org/api/file/file_1725187234567_abc123def

Response

{
  "success": true,
  "message": "File deleted successfully"
}

6. Direct File Download

Endpoint: GET /{fileId}/download

Returns the actual file content with appropriate headers for download.

Example Request

curl -L https://tempfile.org/file_1725187234567_abc123def/download \
  -o downloaded_file.pdf

Error Responses

All endpoints return consistent error formats:

{
  "success": false,
  "error": "Descriptive error message"
}

Common Error Codes

• 400 - Bad request (invalid parameters)
• 404 - File not found or expired
• 413 - File too large (max 100MB)
• 429 - Rate limit exceeded
• 500 - Server error

Usage Examples

JavaScript/Node.js

// Upload file
const formData = new FormData();
formData.append('files', fileInput.files[0]);
formData.append('expiryHours', '24');

try {
  const response = await fetch('https://tempfile.org/api/upload/local', {
    method: 'POST',
    body: formData
  });

  if (!response.ok) {
    throw new Error(`HTTP ${response.status}: ${response.statusText}`);
  }

  const result = await response.json();
  
  if (result.success) {
    console.log('Upload URL:', result.files[0].url);
    console.log('File ID:', result.files[0].id);
    console.log('Expires at:', new Date(result.files[0].expiryTime));
  } else {
    throw new Error(result.error);
  }
} catch (error) {
  console.error('Upload failed:', error.message);
}

Python

import requests

# Upload file
with open('document.pdf', 'rb') as f:
    files = {'files': f}
    data = {'expiryHours': '24'}
    response = requests.post(
        'https://tempfile.org/api/upload/local',
        files=files,
        data=data
    )
    
result = response.json()
print(f"Upload URL: {result['files'][0]['url']}")

PHP

$curl = curl_init();
curl_setopt_array($curl, [
    CURLOPT_URL => 'https://tempfile.org/api/upload/local',
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => [
        'files' => new CURLFile('document.pdf'),
        'expiryHours' => '24'
    ],
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_TIMEOUT => 60,
    CURLOPT_FOLLOWLOCATION => true
]);

$response = curl_exec($curl);
$httpCode = curl_getinfo($curl, CURLINFO_HTTP_CODE);

if (curl_error($curl)) {
    echo "Error: " . curl_error($curl);
} else {
    $result = json_decode($response, true);
    if ($result && $result['success']) {
        echo "Upload URL: " . $result['files'][0]['url'];
    } else {
        echo "Upload failed: " . ($result['error'] ?? 'Unknown error');
    }
}

curl_close($curl);

Best Practices

• Error Handling: Always check the success field in responses
• File Validation: Validate file types and sizes before uploading
• Rate Limiting: Respect the 10 uploads per hour limit
• Security: Only upload files you have rights to share
• Expiry Planning: Choose appropriate deletion times for your use case
• URL Downloads: Ensure URLs are publicly accessible and safe

Common Use Cases

• Temporary File Sharing: Share documents between team members
• Application Integration: Add file upload to web/mobile apps
• Backup Solutions: Temporary backups with auto-cleanup
• Development Testing: Test file uploads in development environments
• Content Distribution: Temporary hosting for digital assets
• Data Processing: Temporary storage for file processing workflows

Rate Limits & Fair Usage

Our API implements fair usage policies to ensure service quality for all users:

• Upload Limit: 10 files per hour per IP address
• Download Limit: 50 downloads per 15 minutes
• Global Limit: 100 API requests per 15 minutes
• File Size: 100MB maximum per file
• Retention: 48 hours maximum

Rate limit headers are included in API responses:

X-RateLimit-Limit: 10
X-RateLimit-Remaining: 7
X-RateLimit-Reset: 1725190834

Security & Content Scanning

All files uploaded through the API are automatically:

• Virus Scanned: Malware detection before storage
• Content Validated: File type verification
• Size Checked: Enforcement of 100MB limit
• HTTPS Encrypted: Secure transmission and storage
• Auto-Deleted: Guaranteed removal after expiry

Response Formats

All API responses use JSON format with consistent structure:

Success Response

{
  "success": true,
  "files": [...],     // For upload endpoints
  "file": {...},      // For single file operations
  "message": "..."    // Human-readable message
}

Error Response

{
  "success": false,
  "error": "Descriptive error message"
}

File URLs and Access

Uploaded files are accessible via multiple URL formats:

• Interstitial Page: /{fileId}/ - Shows file info with download link
• Direct Download: /{fileId}/download - Immediate file download
• Image Preview: /{fileId}/preview - For image files only

Integration Examples

Simple File Upload Widget

async function uploadFile(file) {
  const formData = new FormData();
  formData.append('files', file);
  formData.append('expiryHours', '24');
  
  try {
    const response = await fetch('/api/upload/local', {
      method: 'POST',
      body: formData
    });
    
    const result = await response.json();
    if (result.success) {
      return result.files[0].url;
    } else {
      throw new Error(result.error);
    }
  } catch (error) {
    console.error('Upload failed:', error);
    throw error;
  }
}

Batch File Processing

// Process multiple URLs
const urls = [
  'https://example.com/doc1.pdf',
  'https://example.com/doc2.pdf'
];

const uploadPromises = urls.map(url => 
  fetch('/api/upload/url', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ url, expiryHours: 12 })
  }).then(r => r.json())
);

const results = await Promise.all(uploadPromises);
const uploadedFiles = results
  .filter(r => r.success)
  .map(r => r.file.url);

Webhooks & Notifications

Currently, the API operates on a pull-based model. For file status updates:

• Poll the file info endpoint to check file status
• Monitor the exists field to detect deletion
• Track expiryTime for proactive cleanup

Terms of Use

API usage is subject to our Terms of Service. Key points:

• No prohibited content (malware, adult content, illegal material)
• Respect rate limits and fair usage policies
• Do not use for permanent file storage
• Commercial usage requires explicit permission
• Users are responsible for content they upload

Changelog

Version 1.0 (September 2025)

• Initial API release with upload and download endpoints
• Support for local file and URL-based uploads
• Automatic virus scanning and content validation
• Flexible retention periods (1-48 hours)

Version 1.5 (October 2025)

• Improved file upload security
• Added new detailed security endpoint
• Fixed File Validator bugs

Version 1.7 (October 2025)

• Fixed api/upload/local endpoint bugs
• Added telegram bot @tempfile_bot
• Fixed an issue with telegram batch uploads