Skip to main content

Uploading a file

Uploading a file to Files.Warwick can be achieved by sending HTTP multipart POST data to the file upload API. For example, to upload a file to the filespace: https://files.warwick.ac.uk/sarah, we can send a POST to:

https://files.warwick.ac.uk/files/api/upload?forceBasic=true&path=sarah/Files&fileName=test.txt&fileuploadid=123

Note that only the path to the filespace/folder is specified - not the entire URL.

Also note that the top-level directory of a filespace is called Files, and it is explicitly required. I.e. if you want to upload a file to a folder called documents in your filespace joebloggs, the path specified should be joebloggs/Files/documents

We need to send the file itself as multipart data, so the request to upload a file test.txt to https://files.warwick.ac.uk/sarah/Files (with resulting filename final.txt) will be something like:

jo-dev-oracle$ curl -i -F file=@test.txt -u usercode "https://files.warwick.ac.uk/files/api/upload?forceBasic=true&path=sarah/Files&fileName=final.txt&fileuploadid=123"

Enter host password for user 'usercode':

HTTP/1.1 100 Continue

HTTP/1.1 100 Continue

HTTP/1.1 200 OK

Date: Wed, 21 Nov 2012 10:39:19 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-GB
Content-Length: 4
Set-Cookie: hashTag=""; Domain=.warwick.ac.uk; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: JSESSIONID=F27A708C5041B32B8D697ABD371645E1; Path=/files
Vary: User-Agent,Accept-Encoding

N.B. If the upload has been successful, a 200 will be returned (curl may first send some 100 responses as the file is being uploaded, as above). A 500 HTTP Response will be returned in case of error, with some explanatory error in the response text (e.g. a file already exists with that name, in that folder).


Important: Because of the way that HTTP Basic authentication sends an encrypted version of the username and password with every request, it is less secure than standard authentication through web sign-on. As well as this, by their very nature, automated programs require username and passwords to be stored on a computer in such a way that it would be a breach of the Terms and Conditions of IT Services accounts to store your actual ITS usercode and password in this way.

For automated systems that access Sitebuilder APIs, you must use an external user account for API access. You should not share an API account between multiple systems, and you should ensure that each account is granted the minimal permissions it needs to perform its tasks, and only on the pages where it needs to perform these tasks.


Getting an external user account for API access

In order to obtain an external user account for API access, please email webteam at warwick dot ac dot uk