Filebrowser HTTP API & AI Skill: Complete reference for JWT auth, file CRUD, and folder management.

This article provides a technical reference for using Filebrowser's HTTP API with JWT authentication to enable AI models to perform file and folder management operations. It details endpoints for login, listing, renaming, creating, deleting, reading, and writing files and folders, with specific encoding rules for paths and query parameters. The guide also includes instructions for handling authentication tokens, parsing JSON responses, and formatting directory listings as Markdown tables.

This skill provides a standardized way for any AI model to manage files and folders on a Filebrowser server by making direct HTTP calls. Filebrowser uses a "hidden" API with JWT authentication. - Official Repository: filebrowser/filebrowser - Host: The Filebrowser URL e.g., https://filebrowser.example.com - Username: Default is "" empty string - Password: Default is "" empty string All operations except login require the X-Auth: JWT TOKEN header. Tokens expire in 2 hours. curl -X POST "https:// HOST /api/login" \ -H "Content-Type: application/json" \ -d '{"username":" USERNAME ","password":" PASSWORD ","recaptcha":""}' Output: Returns the raw JWT token string directly in the response body. Endpoint: GET /api/resources/ PATH Example: curl -X GET "https:// HOST /api/resources/disk1" -H "X-Auth: JWT TOKEN " Presentation: Parse the JSON items array and display as a clean table Name, Size, Type, Modified . Endpoint: PATCH /api/resources/ SOURCE ENCODED ?action=rename&destination= DEST ENCODED &override=false&rename=false - Source SOURCE ENCODED : Path relative to root. Special characters MUST be percent-encoded, but slashes / MUST NOT be encoded. - Destination DEST ENCODED : MUST be fully percent-encoded including slashes . Example: Move disk2/downloads/test 1/ to disk2/test 1/ curl -X PATCH "https:// HOST /api/resources/disk2/downloads/test%201/?action=rename&destination=%2Fdisk2%2Ftest%25201&override=false&rename=false" -H "X-Auth: JWT TOKEN " Endpoint: POST /api/resources/ PATH / NAME /?override=false Rule: The path MUST end with a trailing slash / . Example: curl -X POST "https:// HOST /api/resources/disk2/newfolder/?override=false" -H "X-Auth: JWT TOKEN " Endpoint: POST /api/resources/ PATH / NAME ?override=false Rule: The path MUST NOT end with a trailing slash. Example: curl -X POST "https:// HOST /api/resources/disk2/newfile.txt?override=false" -H "X-Auth: JWT TOKEN " Endpoint: DELETE /api/resources/ PATH Example: curl -X DELETE "https:// HOST /api/resources/disk2/oldfile.txt" -H "X-Auth: JWT TOKEN " Endpoint: GET /api/resources/ PATH Output: Returns JSON. The file content is in the content field. Example: curl -X GET "https:// HOST /api/resources/disk2/notes.txt" -H "X-Auth: JWT TOKEN " Endpoint: PUT /api/resources/ PATH Example: curl -X PUT "https:// HOST /api/resources/disk2/notes.txt" \ -H "X-Auth: JWT TOKEN " \ -H "Content-Type: text/plain" \ --data "New file content goes here" Mandatory for destination parameters and paths with special characters. - JSON Handling: Always parse API responses. If an error occurs, report the HTTP status code and any error message in the JSON body. - Path Safety: Before ? in URLs, do not encode slashes. Inside query parameters likedestination , always encode slashes as%2F . - Implicit Auth: If a token is available from a previous turn, reuse it. If a request fails with 401 or 403, attempt to re-login. - Interactive Formatting: Present directory listings as Markdown tables for readability.