
TCloud API Reference

Base URL: https://xcloudmanagement.cloud  ·  All routes prefixed with /api  ·  All responses are JSON.

Authentication

Bearer Token (JWT)

Get a token from POST /api/auth/login. Pass it on every protected request:

Authorization: Bearer <token>

API Key

Create a key from the API Keys page inside the dashboard. Use it instead of a Bearer token:

X-API-Key: <your-api-key>

Upload example with curl:

curl -X POST https://xcloudmanagement.cloud/api/files/upload \
  -H "X-API-Key: <key>" \
  -F "file=@backup.db"
Auth Routes
POST /api/auth/register  Register a new account

New accounts are pending until an admin approves them.

Request Body
{ "username": "alice", "email": "alice@example.com", "password": "secret123" }
Response
{ "message": "Registered. Awaiting admin approval." }
POST /api/auth/login  Log in and get a JWT token
Request Body
{ "username": "alice", "password": "secret123" }
Response
{ "token": "eyJ...", "user": { "id": 1, "username": "alice", "role": "user", "quota_bytes": 5368709120 } }
GET /api/auth/me  Get current user info — requires auth
Response
{ "id": 1, "username": "alice", "email": "alice@example.com", "role": "user", "quota_bytes": 5368709120, "used_bytes": 204800 }
API Key Routes
POST /api/apikeys  Create an API key

The raw key is returned only once — store it immediately.

Request Body
{ "name": "my-backup-script" }
Response
{ "id": 1, "name": "my-backup-script", "key": "abc123..." }
GET /api/apikeys  List your API keys — metadata only
Response
[ { "id": 1, "name": "my-script", "created_at": "2026-06-07 10:00:00", "last_used_at": "..." } ]
DELETE /api/apikeys/{id}  Revoke a key
Response
{ "ok": true }
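
The following Python example is added here and is not TCloud's own code. It stores the one-time "key" value from the POST /api/apikeys response in an owner-only file and builds requests that carry exactly one credential header. The helper names, the key-file path and the sample key are assumptions, and POSIX file permissions are assumed.

```python
import json
import os
import urllib.request

BASE_URL = "https://xcloudmanagement.cloud/api"  # base URL and /api prefix from this page


def save_api_key(create_response: str, path: str) -> str:
    """Persist the "key" field of a POST /api/apikeys response (hypothetical helper)."""
    key = json.loads(create_response)["key"]
    # O_EXCL refuses to overwrite an existing file; 0o600 makes it owner-only
    # from the moment it is created, so the key is never briefly world-readable.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(key)
    return key


def load_api_key(path: str) -> str:
    """Read the key back, refusing a file that group or other users can access."""
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o077:
        raise PermissionError(f"{path} has mode {mode:o}; expected 600")
    with open(path) as fh:
        return fh.read().strip()


def build_request(method, route, *, api_key=None, token=None, body=None):
    """Build (but do not send) a request with either X-API-Key or a Bearer token."""
    if (api_key is None) == (token is None):
        raise ValueError("pass exactly one of api_key or token")
    if api_key is not None:
        headers = {"X-API-Key": api_key}
    else:
        headers = {"Authorization": f"Bearer {token}"}
    data = None
    if body is not None:
        data = json.dumps(body).encode()
        headers["Content-Type"] = "application/json"
    return urllib.request.Request(
        BASE_URL + route, data=data, headers=headers, method=method
    )
```

Pass the returned object to urllib.request.urlopen to send it; the key file is the only place the raw key is kept, since GET /api/apikeys returns metadata only.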
File Routes
GET /api/files  List files
Parameters
folder_id integer — Folder ID. Omit for root.
Response
[ { "id": 1, "name": "report.pdf", "size": 204800, "mime_type": "application/pdf" } ]
POST /api/files/upload  Upload & encrypt a file — multipart/form-data, max 2 GB
Parameters
folder_id integer — Target folder (optional)
Request Body
# multipart/form-data
file: <binary>
folder_id: 5   # optional
Response
{ "id": 42, "name": "photo.jpg", "size": 1024000 }
GET /api/files/{id}/download  Download & decrypt — returns binary
PATCH /api/files/{id}  Rename or move
Request Body
{ "name": "new.pdf", "folder_id": 3 }  // folder_id: -1 moves to root
DELETE /api/files/{id}  Delete a file
Folder Routes
GET /api/folders  List folders
Parameters
parent_id integer — Parent ID. Omit for root.
POST /api/folders  Create a folder
Request Body
{ "name": "Backups", "parent_id": null }
GET /api/folders/{id}/path  Breadcrumb path to root
PATCH /api/folders/{id}  Rename a folder
Request Body
{ "name": "Archived" }
DELETE /api/folders/{id}  Delete folder & all contents recursively
Share Routes
POST /api/shares  Share a file with another user
Request Body
{ "file_id": 42, "shared_with": "bob" }
GET /api/shares/with-me  Files shared with you
GET /api/shares/by-me  Files you have shared
DELETE /api/shares/{id}  Revoke a share
Public Share Links
POST /api/files/{id}/share-link  Create a public file link
Request Body
{ "allow_download": true }
Response
{ "token": "abc123", "url": "https://xcloudmanagement.cloud/api/share/abc123" }
DELETE /api/files/{id}/share-link  Revoke a public file link
GET /api/share/{token}/download  Download via public link — no auth required
POST /api/folders/{id}/share-link  Create a public folder link
Request Body
{ "allow_download": true }
Admin Routes

Requires a token or API key with the admin role.

GET /api/admin/users  List all users
PATCH /api/admin/users/{id}  Approve / suspend / set role or quota
Request Body
{ "approved": true, "role": "user", "quota_gb": 10.0 }  // all optional
DELETE /api/admin/users/{id}  Delete user & all their files
GET /api/admin/stats  System-wide stats
Response
{ "total_users": 12, "pending_users": 2, "total_files": 340, "total_bytes": 1073741824 }
GET /api/admin/audit  Admin audit log
Parameters
limit integer — Max events (default 200)