ftpGrid API documentation
Introduction
Welcome to the ftpGrid API documentation.
ftpGrid initially started as a managed FTP cloud storage platform, allowing customers to use FTP/FTPS/SFTP without the complexity of maintaining their own infrastructure.
Over time, ftpGrid evolved far beyond simple file transfer. Features such as automation rules for cleanup and retention, AWS S3 and Azure Blob Storage integrations, file/web hosting, and webhooks transformed ftpGrid into a complete file integration platform.
With the addition of the REST API, ftpGrid can now be fully integrated into your own systems, applications, and workflows.
The ftpGrid API is divided into two main areas:
The Management API allows you to manage and configure ftpGrid itself — for example creating FTP accounts, managing access, configuring automation, and handling integrations.
The Storage API provides direct REST-based access to your file storage. This allows you to manage files and directories without using traditional protocols such as FTP, FTPS, SFTP, or SCP.
Throughout this documentation we use HTTPie for examples and testing. The examples should be easy to translate into any programming language or HTTP client.
API Keys
To use the ftpGrid REST API you need the following credentials:
AssociationKeyAccessKeySecretKey
The AccessKey and SecretKey together form what we typically refer to as a REST API account.
REST API accounts can be created from:
The AssociationKey is tied to your ftpGrid account and can be found under:
Scopes
REST API accounts are scope-based.
Each account can be limited to only the operations it requires.
Currently supported scopes are:
| Scope | Description |
|---|---|
file.create | Upload/create files |
file.delete | Delete files |
file.read | Read/download files |
file.list | List files and directories |
ftpaccount.create | Create FTP accounts |
ftpaccount.delete | Delete FTP accounts |
ftpaccount.get | Retrieve FTP account details |
ftpaccount.list | List FTP accounts |
ftpaccount.update | Update FTP accounts |
We strongly recommend following the principle of least privilege and only granting the scopes your integration requires.
Expiration
REST API accounts can optionally have an expiration date.
After expiration:
- the account can no longer authenticate
- existing tokens become invalid
- all API access is denied
This is useful for:
- temporary integrations
- contractors or consultants
- testing environments
- rotating credentials
Bearer Tokens
Authentication is performed by exchanging your API credentials for a Bearer token.
Example authentication request:
http POST https://api.ftpgrid.com/apiaccess/auth \
AssociationKey="f7bd3870-xxxxxx-xxxxx..." \
AccessKey="AK_xxxxxxxxxxxxxxxxx" \
SecretKey="sk_live_xxxxxxxxxxxxxxxxx"
Example response:
{
"token": "eyJhbGciOi..."
}
The returned token must be included in subsequent requests:
Authorization: Bearer YOUR_TOKEN
Token Lifetime
Bearer tokens are short-lived for security reasons.
When a token expires:
- simply authenticate again
- obtain a new token
- continue making requests
We recommend your integration automatically refreshes tokens when receiving HTTP 401 Unauthorized.
Example Requests
Authentication
http POST https://api.ftpgrid.com/apiaccess/auth \
AssociationKey="f7bd3870-xxxxxx-xxxxx..." \
AccessKey="AK_xxxxxxxxxxxxxxxxx" \
SecretKey="sk_live_xxxxxxxxxxxxxxxxx"
Creating an FTP Account
http POST https://api.ftpgrid.com/ftpaccounts/create \
Authorization:"Bearer YOUR_TOKEN" \
Username="camera01" \
Password="StrongPassword123!" \
AccessRights="RW" \
Chroot="/uploads"
Deleting an FTP Account
http DELETE https://api.ftpgrid.com/ftpaccounts/id/1234 \
Authorization:"Bearer YOUR_TOKEN"