With the Zaulto API you create containers programmatically and read at any time which links are online or offline – including the hoster label. It is built for uploaders who want to wire Zaulto into their own tools, scripts or upload workflows.
An API token is shown exactly once at creation time and cannot be retrieved afterwards. Save it immediately in a safe place (e.g. a password manager) and never commit it to a repository or frontend code.
Always pass the token in the Authorization header – never in the URL, since URLs end up in logs and browser history. If you suspect it has leaked, revoke it in your account right away and create a new one. Every token is limited to the “upload” scope and to your own account: it can only create containers on your behalf – it cannot read, change or delete anyone else's containers.
The upload API authenticates with a personal bearer token. Here's how to get one: sign in, open the “API tokens” area in your account, give it a descriptive label (e.g. “My upload script”) and optionally a lifetime in days. The token is shown once in clear text – copy it immediately.
On every request send the header Authorization: Bearer <YOUR_TOKEN>. If the header is missing or the token is invalid or revoked, the API responds with 401.
Header
Authorization: Bearer ztk_live_xxxxxxxxxxxxxxxxxxxxxxxx
Content-Type: application/jsonA POST to /api/v1/containers creates a new container. Only a title and at least one link are required; every other field is optional with sensible defaults. Only http and https links are accepted.
The response contains the container ID and the ready-to-share public URL – so you can hand out the link right away.
| Method | Path | Auth | Purpose |
|---|---|---|---|
| POST | /api/v1/containers | Bearer token | Create a new container with one or more links. |
Request (curl)
curl -X POST https://zaulto.com/api/v1/containers \
-H "Authorization: Bearer $ZAULTO_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"title": "My release",
"links": [
{ "url": "https://filer.net/get/abc123", "filename": "part1.rar" },
{ "url": "https://ddownload.com/abc123xyz", "filename": "part2.rar" }
]
}'Response (201)
{
"id": "AB12CD34",
"slug": null,
"url": "https://zaulto.com/#/c/AB12CD34",
"shortUrl": null
}| Field | Type | Description |
|---|---|---|
| title | string (1–200) | Required. Container title. |
| links | array | Required. At least 1 link. Each entry: { url, hoster?, filename? }. http/https only. |
| description | string (≤2000) | Optional description. |
| customSlug | string (3–40) | Optional custom short slug for the URL. |
| password | string | Optional password visitors need to open the container. |
| captchaRequired | boolean | Require a captcha before opening (default: false). |
| maxDownloads | number|null | Maximum number of successful unlocks. |
| expiresAt | number|null | Expiry as Unix time in milliseconds (null = never). |
| mirrorSets | array (≤20) | Optional mirror tiers as complete replacement link sets. |
| urlMasking | boolean | Enable URL masking (the real hoster URL stays hidden). |
| listed | boolean | List the container in the public directory (default: false). |
A GET to /api/c/:id returns the public view of a container. If the container requires neither a password nor a captcha, you can read its state without unlocking it. Per link you see the status (online, offline, pending or unknown) and – if enabled for the container – the hoster name. That lets you detect automatically what is offline where.
Note: with a password/captcha or URL masking enabled, the actual links are only delivered after unlocking; the plain status is still visible through the public view. Zaulto keeps the status current via its built-in, regular link check.
| Method | Path | Auth | Purpose |
|---|---|---|---|
| GET | /api/c/:id | none | Public container view incl. online/offline status per link and hoster label. |
Request (curl)
curl https://zaulto.com/api/c/AB12CD34| Value | Type | Meaning |
|---|---|---|
| online | status | File is reachable at the hoster. |
| offline | status | File is deleted or no longer available. |
| pending | status | Not checked yet – check is pending. |
| unknown | status | Status could not be determined unambiguously. |
Each container allows up to 40 links. Mirror tiers hold up to 200 links per tier and at most 20 tiers. Titles are capped at 200, descriptions at 2000 characters. There is no fixed upper limit on the number of your containers.
The API responds with clear HTTP status codes – evaluate them instead of only looking at the body.
| Code | Meaning | Note |
|---|---|---|
| 201 | Created | Container was created. |
| 400 | Bad Request | Validation failed (e.g. missing title, invalid URL). |
| 401 | Unauthorized | Token missing, invalid, revoked or wrong scope. |
| 404 | Not Found | Container not found (when reading). |
| 409 | Conflict | Requested customSlug is already taken. |
Store the token server-side or in a secret store only, never in browser code or public repositories. Create a separate token with its own label per app/script – that way you can revoke a single one precisely without affecting the others.
Set a lifetime where it makes sense so a forgotten token expires automatically. Send requests over HTTPS only. And if a token ever does leak: revoke it in your account immediately – a revoked token is worthless instantly.
That's everything to wire Zaulto cleanly into your uploads: create containers via token and monitor the online/offline status automatically.