Skip to main content
copyparty provides a comprehensive HTTP API for programmatic access to all server features including file uploads, downloads, search, and administration.

Base URL

All API endpoints are relative to your copyparty server’s base URL: 
http://your-server:3923/
For HTTPS: 
https://your-server:3923/

API Categories

copyparty’s HTTP API is organized into several functional areas:

Upload API

Upload files using PUT, multipart POST, or the resumable up2k protocol

Download API

Download files, folders as zip/tar archives, and stream content

Search API

Search files by name, tags, metadata, and content hashes

Authentication

Authenticate requests using headers, cookies, or URL parameters

HTTP Methods

copyparty supports standard HTTP methods:
  • GET - Retrieve files, listings, and metadata
  • HEAD - Get file metadata without downloading
  • POST - Upload files (multipart), search, administrative actions
  • PUT - Upload files directly
  • DELETE - Delete files and folders (requires permissions)

Response Formats

The API supports multiple response formats:
  • JSON - Structured data for search results, file listings
  • HTML - Browser-friendly views
  • Plaintext - Simple listings for scripts
  • Binary - File downloads, thumbnails

Common URL Parameters

Many endpoints support these URL parameters:
ls
string
default:"json"
List files/folders. Values: blank (JSON), t (plaintext), v (terminal-formatted)
pw
string
Authentication password. Format: password or username:password if --usernames is enabled
dots
boolean
Include dotfiles in listings (requires permission)
j
boolean
Return JSON response instead of plaintext

CORS Support

All non-GET/HEAD requests require CORS validation. Configure CORS settings with:
  • --no-cors - Disable CORS checks
  • --no-cors-s - Disable CORS for same-host requests

Rate Limiting

Some endpoints implement rate limiting:
  • Search: 0.7 second penalty between searches that take > 0.7s
  • Uploads: Configurable with --ban-pw (default: 24h ban for 9 failed auth attempts)

Error Codes

CodeMeaning
400Bad Request - Invalid parameters or malformed request
401Unauthorized - Authentication required
403Forbidden - Insufficient permissions
404Not Found - File or path does not exist
405Method Not Allowed - HTTP method not supported
429Too Many Requests - Rate limit exceeded
500Internal Server Error

Security Notes

  • Password authentication via URL parameter ?pw= can be disabled with --pw-urlp=A
  • Header authentication via PW: can be disabled with --pw-hdr=A
  • Basic auth can be disabled with --no-bauth
  • Failed authentication attempts trigger bans (configurable with --ban-pw)

Client Libraries

Official clients:

Next Steps

Upload Files

Learn about upload endpoints and the up2k protocol

Download Files

Download files and create archives

Build docs developers (and LLMs) love

Get started for freeTalk to us