FileMorf Docs

Public API v1

Public API
Operations

Errors and Limits

Interpret validation errors, plan limits, permission failures, rate limits, and retry-safe operational responses.

Base route

https://api.filemorf.com/api/public

Auth

Bearer API key created from the workspace.

Delivery model

Signed uploads, queued jobs, retained artifacts, refreshable URLs.

OverviewQuickstartAuthenticationUploads and ArtifactsJobsPDF MergeRecipesWebhooksIdempotencyErrors and Limits

Status handling

Map HTTP status codes to concrete operator actions

The public API uses standard status codes with small JSON error envelopes. Most failures are deterministic and should be handled explicitly.

StatusTypical errorOperator action
400Validation failed / Invalid file type / Invalid stateFix the request payload, content type, or lifecycle ordering before retrying.
401UnauthorizedUse a valid non-revoked Bearer API key.
403Forbidden / Feature not availableConfirm the API key permissions and the account plan feature access.
404Job not found / Workflow recipe not found / Workflow run not foundCheck ownership, source type, and the requested resource id.
409Idempotency conflictDo not reuse the same Idempotency-Key with a different payload.
413File too large / Batch too largeReduce file size or batch size, or use a plan with larger limits.
429Rate limit exceeded / Operation limit reachedBack off using the returned headers and verify monthly or daily usage state.
500Failed to refresh URL / internal processing failureRetry if safe, or inspect job state and webhook delivery logs.

Rate limits

Read the response headers, not just the body

Per-key rate limiting is surfaced in headers, and plan-based operation limits may also block writes.

HeaderMeaning
X-RateLimit-LimitThe request quota window size for the current API key.
X-RateLimit-RemainingRemaining requests in the current window.
X-RateLimit-ResetUnix timestamp when the window resets.

Troubleshooting

Common causes of false negatives

Most integration failures come from lifecycle ordering, missing uploads, or invalid plan assumptions.

  • Do not call POST /jobs/:id/start before every required upload has succeeded.
  • Use the exact content type that the selected job type accepts.
  • For recipe runs, pass a retained artifact or a prior job output index that actually exists.
  • Refresh signed download URLs instead of assuming an older URL remains valid indefinitely.

Next steps

Build against the live API, not the idea of it.

Create or rotate keys in the workspace, test against the base route, and use the same lifecycle documented here in production and local environments.