Log In / Sign Up

LOCKR API Documentation

Build on lockr with a simple HTTPS API. Upload, manage, and serve files securely from any environment. Base URL: https://lockr.top

Authentication

Create an account at lockr.top/account to receive 100 GB of storage and an API token. Authenticate using either:

  • Bearer token: Authorization: Bearer YOUR_TOKEN
  • Basic auth: Authorization: Basic base64(email-or-username:password)

Use POST /api/v1/login to exchange credentials for a reusable API token.

curl -s https://lockr.top/api/v1/login \
  -H "Content-Type: application/json" \
  -d '{"identifier":"you@example.com","password":"hunter2"}'

Uploading Files

Authenticated accounts can upload files up to 100 GB per object. Guests are limited to 5 GB and cannot attach download keys.

1. Create Resumable Session

curl -s https://lockr.top/api/v1/upload/session \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name":"whitepaper.pdf","size":1048576,"type":"application/pdf"}'

The response contains uploadUrl, downloadUrl, and the file id.

2. Upload Data

curl -X PUT "UPLOAD_URL_FROM_STEP_1" \
  -H "Content-Type: application/pdf" \
  --data-binary @whitepaper.pdf

Direct Upload

Prefer a single call? Stream the file with POST /api/v1/upload:

curl -s https://lockr.top/api/v1/upload \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "x-file-name: whitepaper.pdf" \
  -H "Content-Type: application/pdf" \
  --data-binary @whitepaper.pdf

For regional control, add x-upload-region: us-central1. To protect downloads, supply a secret phrase, and lockr hashes it client-side into keyHash.

Managing Files

All responses are JSON.

endpoint method description
/api/v1/files GET List your files with size, region, and key status.
/api/v1/files/register POST Attach an existing download ID to your account payload {"id"}.
/api/v1/files/:id/key POST Set or clear the file key with {"key":"optional passphrase"}.
/api/v1/files/:id DELETE Delete a file and remove it from lockr.

Downloading

Share https://lockr.top/download/<id> to present the download page, or pull data directly: 

curl -L "https://lockr.top/api/v1/download/REGION_ID_OBJECT" \
  -H "Authorization: Bearer YOUR_TOKEN"

If a key is set, supply ?keyHash=<sha256> matching the original phrase. Authenticated links fall back to signed URLs when available.

One-Switch Command

Move from AWS S3 or Google Cloud Storage into lockr with a single rclone invocation. After configuring your remotes, run: 

rclone sync s3:your-source-bucket lockr:your-lockr-account \
  --progress \
  --transfers=16 \
  --checkers=8

Swap s3: for gcs: when migrating from Google Cloud Storage. The lockr remote authenticates with your account token; every object lands in your default region with zero egress fees.

Responses & Errors

  • 401: missing or invalid credentials
  • 403: quota exceeded or key restrictions
  • 413: file too large for your plan (5 GB guest, 100 GB account)
  • 429: slow down (burst protection)

Need more throughput or custom regions? Ping us at support@lockr.top.