cd /news/developer-tools/filebrowser-http-api-ai-skill-comple… · home topics developer-tools article
[ARTICLE · art-12058] src=gist.github.com ↗ pub= topic=developer-tools verified=true sentiment=· neutral

Filebrowser HTTP API & AI Skill: Complete reference for JWT auth, file CRUD, and folder management.

This article provides a technical reference for using Filebrowser's HTTP API with JWT authentication to enable AI models to perform file and folder management operations. It details endpoints for login, listing, renaming, creating, deleting, reading, and writing files and folders, with specific encoding rules for paths and query parameters. The guide also includes instructions for handling authentication tokens, parsing JSON responses, and formatting directory listings as Markdown tables.

read2 min views21 publishedMay 23, 2026

This skill provides a standardized way for any AI model to manage files and folders on a Filebrowser server by making direct HTTP calls. Filebrowser uses a "hidden" API with JWT authentication.

  • Official Repository: filebrowser/filebrowser
  • Host: The Filebrowser URL (e.g., https://filebrowser.example.com ) - Username: Default is "" (empty string) - Password: Default is ""
(empty string)
All operations (except login) require the X-Auth: [JWT_TOKEN]

header. Tokens expire in 2 hours.

curl -X POST "https://[HOST]/api/login" \
-H "Content-Type: application/json" \
-d '{"username":"[USERNAME]","password":"[PASSWORD]","recaptcha":""}'

Output: Returns the raw JWT token string directly in the response body.

Endpoint: GET /api/resources/[PATH]
Example: curl -X GET "https://[HOST]/api/resources/disk1" -H "X-Auth: [JWT_TOKEN]"

Presentation: Parse the JSON items array and display as a clean table (Name, Size, Type, Modified).

Endpoint: PATCH /api/resources/[SOURCE_ENCODED]?action=rename&destination=[DEST_ENCODED]&override=false&rename=false
- Source ([SOURCE_ENCODED]): Path relative to root. Special characters MUST be percent-encoded, but slashes (

/ ) MUST NOT be encoded. - Destination ([DEST_ENCODED]): MUST be fully percent-encoded (including slashes). Example: Move disk2/downloads/test 1/ to disk2/test 1/

curl -X PATCH "https://[HOST]/api/resources/disk2/downloads/test%201/?action=rename&destination=%2Fdisk2%2Ftest%25201&override=false&rename=false" -H "X-Auth: [JWT_TOKEN]"
Endpoint: POST /api/resources/[PATH]/[NAME]/?override=false

Rule: The path MUST end with a trailing slash (/ ).

Example: curl -X POST "https://[HOST]/api/resources/disk2/newfolder/?override=false" -H "X-Auth: [JWT_TOKEN]"
Endpoint: POST /api/resources/[PATH]/[NAME]?override=false

Rule: The path MUST NOT end with a trailing slash.

Example: curl -X POST "https://[HOST]/api/resources/disk2/newfile.txt?override=false" -H "X-Auth: [JWT_TOKEN]"
Endpoint: DELETE /api/resources/[PATH]
Example: curl -X DELETE "https://[HOST]/api/resources/disk2/oldfile.txt" -H "X-Auth: [JWT_TOKEN]"
Endpoint: GET /api/resources/[PATH]

Output: Returns JSON. The file content is in the content field.

Example: curl -X GET "https://[HOST]/api/resources/disk2/notes.txt" -H "X-Auth: [JWT_TOKEN]"
Endpoint: PUT /api/resources/[PATH]

Example:

curl -X PUT "https://[HOST]/api/resources/disk2/notes.txt" \
-H "X-Auth: [JWT_TOKEN]" \
-H "Content-Type: text/plain" \
--data "New file content goes here"

Mandatory for destination parameters and paths with special characters.

  • JSON Handling: Always parse API responses. If an error occurs, report the HTTP status code and any error message in the JSON body.
  • Path Safety: Before ? in URLs, do not encode slashes. Inside query parameters likedestination , always encode slashes as%2F . - Implicit Auth: If a token is available from a previous turn, reuse it. If a request fails with 401 or 403, attempt to re-login.
  • Interactive Formatting: Present directory listings as Markdown tables for readability.
── more in #developer-tools 4 stories · sorted by recency
── more on @filebrowser 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/filebrowser-http-api…] indexed:0 read:2min 2026-05-23 ·