API reference

API documentation

This product is API-first: the UI is a thin layer. Everything it does is a documented HTTP call, and every form you see is rendered from /api/_meta. Anything you can do in the app, you can do over REST.

Base URL & interactive docs

The public base URL is https://api.file-convert.balancingagent.info. From inside the app, same-origin /api/... paths work too (the frontend proxies them to the API).

Prefer to explore interactively? The OpenAPI / Swagger UI lives at https://api.file-convert.balancingagent.info/docs ↗ and the raw schema at https://api.file-convert.balancingagent.info/openapi.json ↗.

Authentication

The API accepts three identity modes. Pick whichever fits how you're calling it.

1. Bearer token (session or anonymous)

Send Authorization: Bearer <token>. You can mint a throwaway anonymous token with POST /api/anon/session, which returns { token }. Files created under an anonymous session are ephemeral.

2. API key

Send X-API-Key: <key>. Manage keys via POST /api/api-keys, GET /api/api-keys and DELETE /api/api-keys/{key_id}.

3. Gateway identity headers

When cdn-app's gateway has already authenticated the caller, it forwards the identity as X-Auth-Org-Id, X-Auth-User-Id and X-Auth-Role, plus a shared X-Gateway-Key. Login and accounts are owned by the gateway, not by this app.

Isolation

Cross-tenant access returns 404, not 403, so the existence of another org's resources is never disclosed.

Auto-CRUD conventions

Most resources are managed by a single auto-CRUD factory, so the REST surface is uniform. For any resource whose base path is P:

GET P — list (paginated; keys-only GSI; supports a limit and a pagination cursor)
POST P — create
GET P/{org_id}/{id} — fetch one
PATCH P/{org_id}/{id} — partial update
DELETE P/{org_id}/{id} — delete
plus any resource-specific actions (suffix POST routes)

The concrete resources and paths below come live from /api/_meta:

fileCRUD

/api/files

conversion-jobCRUD

/api/conversion-jobs

settingCRUD

/api/settings

feature-flagCRUD

/api/feature-flags

userCRUD

/api/users

Quick examples

A few copy-pasteable starting points.

Mint an anonymous token:

curl -X POST https://api.file-convert.balancingagent.info/api/anon/session

One-shot convert a CSV to JSON with that token:

curl -X POST https://api.file-convert.balancingagent.info/api/convert \
  -H "Authorization: Bearer $TOKEN" \
  -F "file=@data.csv" \
  -F "target_format=json" \
  -F "visibility=private"

Inspect the field schema the UI renders the file form from:

curl https://api.file-convert.balancingagent.info/api/_meta/file

Endpoint reference

Search endpoints

Auto-CRUD · file

Uniform REST surface for the file resource at /api/files.

GET/api/filesList (paginated; keys-only GSI; supports limit + a pagination cursor).

POST/api/filesCreate.

GET/api/files/{org_id}/{id}Fetch one.

PATCH/api/files/{org_id}/{id}Partial update.

DELETE/api/files/{org_id}/{id}Delete.

Auto-CRUD · conversion-job

Uniform REST surface for the conversion-job resource at /api/conversion-jobs.

GET/api/conversion-jobsList (paginated; keys-only GSI; supports limit + a pagination cursor).

POST/api/conversion-jobsCreate.

GET/api/conversion-jobs/{org_id}/{id}Fetch one.

PATCH/api/conversion-jobs/{org_id}/{id}Partial update.

DELETE/api/conversion-jobs/{org_id}/{id}Delete.

Auto-CRUD · setting

Uniform REST surface for the setting resource at /api/settings.

GET/api/settingsList (paginated; keys-only GSI; supports limit + a pagination cursor).

POST/api/settingsCreate.

GET/api/settings/{org_id}/{id}Fetch one.

PATCH/api/settings/{org_id}/{id}Partial update.

DELETE/api/settings/{org_id}/{id}Delete.

Auto-CRUD · feature-flag

Uniform REST surface for the feature-flag resource at /api/feature-flags.

GET/api/feature-flagsList (paginated; keys-only GSI; supports limit + a pagination cursor).

POST/api/feature-flagsCreate.

GET/api/feature-flags/{org_id}/{id}Fetch one.

PATCH/api/feature-flags/{org_id}/{id}Partial update.

DELETE/api/feature-flags/{org_id}/{id}Delete.

Auto-CRUD · user

Uniform REST surface for the user resource at /api/users.

GET/api/usersList (paginated; keys-only GSI; supports limit + a pagination cursor).

POST/api/usersCreate.

GET/api/users/{org_id}/{id}Fetch one.

PATCH/api/users/{org_id}/{id}Partial update.

DELETE/api/users/{org_id}/{id}Delete.

Metadata contract

The discovery layer the whole UI is built from — every form and table is rendered from these schemas.

GET/api/_metaList every resource and its base path.

GET/api/_meta/{resource}Role-aware field schema, list_columns and actions for one resource.

Upload pipeline

Stream raw bytes into the API; they are white-labeled to S3 and throughput is measured.

POST/api/uploads/initStart an upload; returns { method, upload_url } where upload_url ends in /data.

PUT/api/uploads/{file_id}/dataStream the raw bytes browser → API → S3.

POST/api/uploads/{file_id}/abortAbort an in-progress upload.

Convert

One-shot or staged conversion, plus the capability graph that drives target picklists.

POST/api/convertOne-shot multipart: upload + convert in a single call (target_format + visibility + options); returns a job.

GET/api/files/{org_id}/{file_id}/conversionsAvailable targets + per-target option descriptors, with source width/height prefilled.

GET/api/convert/formatsThe full capability graph (source → target pairs).

POST/api/conversion-jobs/{org_id}/{job_id}/retryRetry a failed conversion job.

Download & share

Files stream through the API (white-labeled, Range-aware); share controls visibility.

GET/api/files/{org_id}/{file_id}/downloadStream the file through the API (HTTP Range supported); accepts a signed ?dl=<token> so a plain link needs no auth header.

POST/api/files/{org_id}/{file_id}/shareSet visibility (private/org/public/restricted); returns a public/share link.

GET/api/s/{token}Public, no-auth fetch of a shared file.

Metadata view & edit

Resilient probe of every embedded metadata container, plus write-back / strip.

GET/api/files/{org_id}/{file_id}/metadataProbe EXIF/XMP/IPTC/PNG-text/ICC, ID3/Vorbis/MP4, ffprobe, PDF, Office — returns containers/common/sections/editable.

POST/api/files/{org_id}/{file_id}/metadataBody { anonymize, strip_all, set:{section:{k:v}}, remove:{section:[k]}, as_copy }.

Reference (public, no auth)

Indexable reference content, served as data — the same content these docs pages render.

GET/api/formatsThe full format catalog.

GET/api/formats/{fmt}One format's detail.

GET/api/formats/{fmt}/templateDownload a small example/template file for a format.

GET/api/help/metadataThe metadata-guide content as data.

Account & usage

Identity, anonymous sessions, API keys, storage usage and the audit log.

GET/api/auth/meEcho the resolved identity.

POST/api/anon/sessionMint an anonymous session token.

POST/api/api-keysCreate an API key.

GET/api/api-keysList your API keys.

DELETE/api/api-keys/{key_id}Revoke an API key.

GET/api/usageStorage bytes / quota / file count.

GET/api/auditThe audit log.

Ops

Health and metrics for monitoring.

GET/api/healthLiveness check.

GET/metricsPrometheus metrics.

Build on the API

No account needed to start — mint an anonymous token and convert your first file.