Files

All file routes require applicationId and check access to that application.

Avatar uploads are session-only

Management API keys can request upload URLs for type: "file". Requests with type: "avatar" require a dashboard session and return session_required when called with a Management API key.

File name rules

fileName fields use the same validation across file routes:

4-16 characters;
letters, numbers, dashes, and single spaces;
trimmed before use.

Get presigned upload URL

POST /api/v1/panel/get-presigned-upload-url

Required scope: files:upload for type: "file"

curl "https://api.blazeauth.net/api/v1/panel/get-presigned-upload-url?applicationId=123456789" \
  -X POST \
  -H "Authorization: Bearer $BLAZEAUTH_MANAGEMENT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "file",
    "fileName": "setup-bin",
    "fileSize": 1048576
  }'

Body field	Type	Required	Notes
`type`	string	Yes	`file` or `avatar`. `avatar` is session-only.
`fileName`	string	Yes	See file name rules.
`fileSize`	number	Yes	Size in bytes. Counted against storage limits for `file`.
`fileType`	string	No	Used for avatar validation. Not needed for Management API file uploads.

{
  "success": true,
  "message": "Get presigned url successfully",
  "presignedUrl": "https://storage.example/upload/signed-url"
}

If the name already exists for the application, the route returns:

{
  "success": false,
  "message": "File name must be unique for your application"
}

Upload the file bytes to presignedUrl with HTTP PUT. Then use check-file-uploaded-status to verify that the backend processed the object.

Check file name

POST /api/v1/panel/check-file-name

Required scope: files:upload

curl "https://api.blazeauth.net/api/v1/panel/check-file-name?applicationId=123456789" \
  -X POST \
  -H "Authorization: Bearer $BLAZEAUTH_MANAGEMENT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "fileName": "setup-bin" }'

{
  "success": true,
  "message": "File name available"
}

Check file uploaded status

GET /api/v1/panel/check-file-uploaded-status

Required scope: files:upload

curl "https://api.blazeauth.net/api/v1/panel/check-file-uploaded-status?applicationId=123456789&fileName=setup-bin" \
  -H "Authorization: Bearer $BLAZEAUTH_MANAGEMENT_API_KEY"

{
  "success": true,
  "message": "File exists"
}

When the file does not exist:

{
  "success": false,
  "message": "File does not exist"
}

Get files metadata

GET /api/v1/panel/get-files-metadata

Required scope: files:read

curl "https://api.blazeauth.net/api/v1/panel/get-files-metadata?applicationId=123456789" \
  -H "Authorization: Bearer $BLAZEAUTH_MANAGEMENT_API_KEY"

{
  "success": true,
  "message": "Successfully fetched metadata",
  "data": {
    "totalFiles": 12,
    "lastUploadedAt": "2026-05-12T09:00:00.000Z"
  }
}

Get files table

GET /api/v1/panel/get-files-table

Required scope: files:read

curl "https://api.blazeauth.net/api/v1/panel/get-files-table?applicationId=123456789&currentPage=1" \
  -H "Authorization: Bearer $BLAZEAUTH_MANAGEMENT_API_KEY"

Optional searchParams is a URL-encoded JSON string:

{
  "searchString": "setup",
  "categories": ["Name"]
}

{
  "success": true,
  "message": "Successfully fetched table",
  "data": [
    {
      "id": "4001",
      "displayName": "setup-bin",
      "byteSize": 1048576,
      "contentType": "application/octet-stream",
      "presignedUrlsCount": 3,
      "lastPresignedUrlCreatedAt": "2026-05-12T10:00:00.000Z",
      "createdAt": "2026-05-12T09:00:00.000Z",
      "user": {
        "username": "owner"
      }
    }
  ],
  "totalPages": 1
}

File action

POST /api/v1/panel/file-action

Required scope: files:delete

curl "https://api.blazeauth.net/api/v1/panel/file-action?applicationId=123456789" \
  -X POST \
  -H "Authorization: Bearer $BLAZEAUTH_MANAGEMENT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "action": "change_file_name",
    "fileId": "4001",
    "fileName": "setup-new"
  }'

Action	Required fields	Notes
`delete_file`	`fileId`	Deletes the file record and stored file.
`change_file_name`	`fileId`, `fileName`	Renames the file display name.

{
  "success": true,
  "message": "Action completed successfully."
}