API DOCUMENTATION
ENDPOINTS
POST
/upload
Upload one or more files. Returns a redirect URL to manage the uploaded file(s).
cURL
curl -X POST https://one.gy/upload \
-F "files=@/path/to/file.txt" \
-F "files=@/path/to/another.pdf"
Python (requests)
import requests
url = "https://one.gy/upload"
files = {
"files": open("file.txt", "rb"),
}
response = requests.post(url, files=files)
print(response.json())
# {
# "redirect": "/manage/...",
# "download_url": "https://one.gy/f/..."
# }
Python (multiple files)
import requests
url = "https://one.gy/upload"
files = [
("files", open("file1.txt", "rb")),
("files", open("file2.pdf", "rb")),
]
response = requests.post(url, files=files)
print(response.json())
cURL (E2E - pre-encrypt first)
curl -X POST https://one.gy/upload \
-F "files=@file.enc" \
-F "e2e=true" \
-F "e2e_salt=YOUR_BASE64_SALT" \
-F "e2e_iv=YOUR_BASE64_IV"
JS (encrypt + upload)
async function encryptAndUpload(file, password) {
const salt = crypto.getRandomValues(new Uint8Array(16));
const iv = crypto.getRandomValues(new Uint8Array(12));
const keyMaterial = await crypto.subtle.importKey(
"raw", new TextEncoder().encode(password), "PBKDF2", false, ["deriveBits", "deriveKey"]
);
const key = await crypto.subtle.deriveKey(
{ "name": "PBKDF2", salt, "iterations": 100000, "hash": "SHA-256" },
keyMaterial, { "name": "AES-GCM", "length": 256 }, false, [ "encrypt" ]
);
const encryptedContent = await crypto.subtle.encrypt(
{ name: "AES-GCM", iv }, key, await file.arrayBuffer()
);
const encryptedBlob = new Blob([encryptedContent]);
const saltB64 = btoa(String.fromCharCode(...salt));
const ivB64 = btoa(String.fromCharCode(...iv));
const formData = new FormData();
formData.append("files", encryptedBlob, file.name + ".enc");
formData.append("e2e", "true");
formData.append("e2e_salt", saltB64);
formData.append("e2e_iv", ivB64);
const response = await fetch("/upload", { method: "POST", body: formData });
return response.json();
}
Python (E2E encrypt + upload)
import requests
import base64
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
def encrypt_file(file_path, password):
with open(file_path, "rb") as f:
plaintext = f.read()
salt = os.urandom(16)
iv = os.urandom(12)
kdf = PBKDF2HMAC(
algorithm=hashes.SHA256(),
length=32,
salt=salt,
iterations=100000,
backend=default_backend()
)
key = kdf.derive(password.encode())
aesgcm = AESGCM(key)
ciphertext = aesgcm.encrypt(iv, plaintext, None)
return salt, iv, ciphertext
salt, iv, ciphertext = encrypt_file("file.txt", "yourpassword")
salt_b64 = base64.b64encode(salt).decode()
iv_b64 = base64.b64encode(iv).decode()
url = "https://one.gy/upload"
files = {"files": ("file.enc", ciphertext, "application/octet-stream")}
data = {"e2e": "true", "e2e_salt": salt_b64, "e2e_iv": iv_b64}
response = requests.post(url, files=files, data=data)
print(response.json())
# {"redirect": "/manage/...", "download_url": "https://one.gy/f/..."}Parameters
NAME
TYPE
DESCRIPTION
files
file
One or more files to upload (multipart/form-data)
e2e
string
"true" to enable E2E (pre-encrypt files client-side)
e2e_salt
string
Base64 salt (required for E2E)
e2e_iv
string
Base64 IV (required for E2E)
Response
200 OK
{
"redirect": "/manage/{management_token}",
"download_url": "https://one.gy/f/{upload_id}"
}DOWNLOAD
GET
/f/<file_id>
Use /f/<file_id>/encrypted for raw E2E data (requires E2E upload).
cURL (public file)
curl -O -J https://one.gy/f/{file_id}
cURL (password protected)
curl -O -J "https://one.gy/f/{file_id}?pw=yourpassword"
Python (requests)
import requests
url = "https://one.gy/f/{file_id}"
password = "yourpassword" # omit if public
response = requests.get(url, params={"pw": password})
with open("downloaded_file.txt", "wb") as f:
f.write(response.content)
Python (E2E download + decrypt)
import requests
import base64
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
def decrypt_file(ciphertext, password, salt_b64, iv_b64):
salt = base64.b64decode(salt_b64)
iv = base64.b64decode(iv_b64)
kdf = PBKDF2HMAC(
algorithm=hashes.SHA256(),
length=32,
salt=salt,
iterations=100000,
backend=default_backend()
)
key = kdf.derive(password.encode())
aesgcm = AESGCM(key)
plaintext = aesgcm.decrypt(iv, ciphertext, None)
return plaintext
url = "https://one.gy/f/{file_id}/encrypted"
password = "yourpassword"
salt_b64 = "YOUR_BASE64_SALT"
iv_b64 = "YOUR_BASE64_IV"
response = requests.get(url)
plaintext = decrypt_file(response.content, password, salt_b64, iv_b64)
with open("decrypted_file.txt", "wb") as f:
f.write(plaintext)Parameters
NAME
TYPE
DESCRIPTION
file_id
string
UUID of the file to download
pw
string
Password (optional, required for protected files)
Response
200 OK
MANAGE FILE
GET
/manage/<token>
Get file management page with current settings.
POST
/manage/<token>
Update file settings (public/private, password, expiration).
Python (update settings)
import requests
url = "https://one.gy/manage/{management_token}"
data = {
"public": "on", # or omit to make private
"password": "secret", # optional
"expires": "7d" # 30m, 6h, 1d, 3d, 7d
}
response = requests.post(url, data=data)
print(response.json())
# {"success": true, "has_password": false}Parameters (POST)
NAME
TYPE
DESCRIPTION
public
string
Set to "on" for public access
password
string
Password for protected files (optional)
expires
string
Expiration: 30m, 6h, 1d, 3d, 7d
Response
200 OK
{
"success": true,
"has_password": false
}DELETE FILE
POST
/delete/<token>
Delete a file permanently using the management token.
cURL
curl -X POST https://one.gy/delete/{management_token}
Python
import requests
url = "https://one.gy/delete/{management_token}"
response = requests.post(url)
print(response.json())
# {"success": true}Response
200 OK
{
"success": true
}ERROR RESPONSES
400 Bad Request
{
"error": "No files"
}
413 Payload Too Large
{
"error": "File too large"
}
404 Not Found
File not found or expired