REST API reference
Manage FTP users, browse events, and configure webhooks programmatically with the TrueFTP REST API.
The TrueFTP REST API lets you manage your account programmatically — create FTP users, read the audit event stream, and configure webhooks. It is available on paid plans only.
This is distinct from the S3-compatible API: the REST API uses a tftp_ Bearer token, while the S3 API uses an AKIA… access key + secret.
Base URL
https://www.trueftp.com/api/ext/v1
Authentication
Create an API key in the dashboard under API Keys. The token is shown once — store it securely. Send it as a Bearer token:
curl https://www.trueftp.com/api/ext/v1/account \
-H "Authorization: Bearer tftp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"The account is derived from the key — you never pass an account ID.
Scopes
Each key has scopes:
read— allGETendpointswrite— create / update / delete
A request lacking the required scope returns 403.
Rate limits
Each key has an hourly limit (default 1000/hour). Responses include X-RateLimit-Limit and X-RateLimit-Remaining; exceeding it returns 429 with a Retry-After header.
Endpoints
| Method | Path | Scope | Description |
|---|---|---|---|
| GET | /account | read | Your account + quotas |
| GET | /ftp-users | read | List FTP users |
| POST | /ftp-users | write | Create an FTP user |
| GET | /ftp-users/{id} | read | Get an FTP user |
| PUT | /ftp-users/{id} | write | Update an FTP user |
| DELETE | /ftp-users/{id} | write | Delete an FTP user |
| GET | /ftp-users/{id}/files?path=&search=&cursor=&limit= | read | List a folder (cursor-paginated, prefix search) |
| GET | /ftp-users/{id}/files/download?path= | read | Download a file (streamed) |
| POST | /ftp-users/{id}/files?path= | write | Upload a file (multipart file) |
| DELETE | /ftp-users/{id}/files?path= | write | Delete a file (or folder if path ends /) |
| POST | /ftp-users/{id}/files/mkdir?path= | write | Create a folder |
| GET | /events?limit=&offset= | read | Paginated file-operation events |
| GET | /webhooks | read | List webhooks |
| POST | /webhooks | write | Create a webhook |
| GET | /webhooks/{id} | read | Get a webhook |
| PUT | /webhooks/{id} | write | Update a webhook |
| DELETE | /webhooks/{id} | write | Delete a webhook |
| GET | /webhooks/{id}/deliveries | read | Recent delivery attempts |
Create an FTP user
curl -X POST https://www.trueftp.com/api/ext/v1/ftp-users \
-H "Authorization: Bearer tftp_..." \
-H "Content-Type: application/json" \
-d '{"username":"pipeline","password":"a-strong-secret","can_write":true}'List events (pagination)
List endpoints return a consistent envelope:
curl "https://www.trueftp.com/api/ext/v1/events?limit=50&offset=0" \
-H "Authorization: Bearer tftp_..."{ "data": [ /* … */ ], "limit": 50, "offset": 0, "total": 1287 }Errors
Errors are JSON with an error field:
{ "error": "missing required scope: write" }| Status | Meaning |
|---|---|
| 401 | Missing / invalid / expired token |
| 403 | Free plan, suspended account, or missing scope |
| 404 | Resource not found |
| 429 | Rate limit exceeded |