Resources/The Agent API Atlas/Storage/Uploadcare

Everything an AI agent can do with the Uploadcare API.

A reference guide for building AI agents: every method, how to authenticate, and the permissions each one needs.

Endpoints35

API versionv0.7

Last updated23 June 2026

Orientation

How the Uploadcare API works.

The Uploadcare API is how an app or AI agent works with a project's media: uploading a file, storing or deleting it, grouping files together, converting a document or video, and running an add-on like a virus scan. Access is granted through a pair of project keys, a public key that names the project and a secret key used to authenticate management calls, and the keys carry the whole project with no per-method scopes. Uploadcare pins a dated API version requested through a header, and it can push an event to a registered endpoint when a file changes.

35Endpoints

8Capability groups

13Read

22Write

0Permissions

Authentication

Uploadcare authenticates REST API calls with a project key pair, not OAuth. The public key names the project and the secret key authenticates a call, sent in the Authorization header as either Uploadcare.Simple (public_key:secret_key sent in plain text, intended for testing) or the recommended Uploadcare signature scheme (public_key:signature, where the secret derives an HMAC-SHA1 signature and is never sent on the wire). Uploads to the separate Upload API authenticate with the public key alone, optionally with a signed expiring token.

Permissions

Uploadcare keys are project-level. There are no granular per-endpoint scopes, so a secret key that can call one management method can call every management method in that project. The only access boundaries are the project the keys belong to and which key is used, so confining an agent to read-only or to a subset of methods has to be enforced outside Uploadcare's own keys.

Versioning

Each REST API request pins a version through the Accept header, like application/vnd.uploadcare-v0.7+json. Version 0.7 is the current major version, released 15 August 2022, with no deprecation date set. Backward-incompatible changes ship as a new major version, and an older version stays supported for at least two years after its successor. A request with an unsupported version in the Accept header returns a 406.

Data model

A file is identified by a UUID and is uploaded through a separate Upload API, then managed through the REST API: stored to keep it permanently, deleted, copied to local or remote storage, or given metadata. Files can be collected into a group, and a document or video can be converted into new files through an asynchronous job that returns a token to poll. Add-ons like virus scan and background removal run the same way, returning a request_id to poll for status.

Connect & authenticate

Connection & authentication methods.

How an app or AI agent connects to Uploadcare determines what it can reach. One host handles managing stored files, groups, conversions, and project settings, a separate host handles sending new files in, and Uploadcare can push events back out, with each route governed by the project keys behind it.

Ways to connect

REST API

The REST API manages existing files, groups, conversions, add-on jobs, webhooks, and project settings at https://api.uploadcare.com. It returns JSON, pages lists with next and previous URLs, requires every path to end in a trailing slash, and pins its version through the Accept header. A call authenticates with the project public and secret keys.

Best forConnecting an app or AI agent to manage Uploadcare files and jobs.

Governed byThe project public and secret keys.

Docs ↗

Upload API

A separate host at https://upload.uploadcare.com accepts new files: a direct base upload for files up to 100 MB, an upload from a public URL, a multipart flow for larger files, and group creation. It authenticates with the public key alone, optionally with a signed expiring token derived from the secret key, so client code can upload without exposing the secret.

Best forSending new files into a project, including from a browser or device.

Governed byThe public key, optionally a signed expiring upload token.

Docs ↗

Webhooks

Uploadcare POSTs an event payload to an HTTPS endpoint registered through the REST API when a file changes. A subscription is created per event type, can be paused with is_active, and when given a signing_secret each delivery is signed with HMAC-SHA256 so the receiver can verify it came from Uploadcare.

Best forReceiving Uploadcare events at an app or AI agent.

Governed byThe signing secret on the webhook subscription.

Docs ↗

Authentication

Uploadcare.Simple

The simple scheme sends the public and secret key together in the Authorization header as Uploadcare.Simple public_key:secret_key. The secret key is included in every request as plain text, so Uploadcare recommends it only for testing, not production. It is rejected over plain HTTP.

TokenAuthorization: Uploadcare.Simple public_key:secret_key

Best forLocal testing and quick prototypes.

Docs ↗

Uploadcare signature

The recommended scheme sends Authorization: Uploadcare public_key:signature, where the signature is an HMAC-SHA1 over the request method, an MD5 of the body, the content type, the date, and the path, derived from the secret key without sending it. It also needs a Date header in RFC 2822 GMT, accepted within a 15-minute window of the server's time.

TokenAuthorization: Uploadcare public_key:signature (HMAC-SHA1)

Best forProduction calls where the secret key must stay off the wire.

Docs ↗

Upload API public key

Calls to the separate Upload API authenticate with the project public key, passed as a parameter, and need no secret. Signed uploads can add a signature and an expire timestamp derived from the secret key on a backend, so a client can upload for a limited window without holding the secret.

TokenPublic key (UPLOADCARE_PUB_KEY), optional signed expiring token

Best forUploading new files, including from client code.

Docs ↗

Capability map

What an AI agent can do in Uploadcare.

The Uploadcare API is split into areas an agent can act on, like files, groups, conversions, add-on jobs, webhooks, and project settings. Each area has its own methods, and a write can store, delete, copy, or process real files.

Files

8 endpoints

Methods for listing, reading, storing, deleting, and copying files.

A write here stores, deletes, or copies real files.

View endpoints →

File metadata

3 endpoints

Methods for reading and changing a file's metadata key-value pairs.

A write here changes the metadata stored on a file.

View endpoints →

Groups

3 endpoints

Methods for creating, listing, reading, and deleting file groups.

A write here creates or deletes a group of files.

View endpoints →

Upload API

5 endpoints

Methods on the separate Upload API for sending new files into a project.

A write here adds new files to the project.

View endpoints →

Conversion

5 endpoints

Methods for converting documents and videos and polling job status.

A write here starts a job that produces new files.

View endpoints →

Add-ons

6 endpoints

Methods for running and polling add-on jobs like virus scan and background removal.

A write here runs a processing job against a file.

View endpoints →

Webhooks

4 endpoints

Methods for creating, listing, updating, and removing webhook subscriptions.

A write here changes where Uploadcare sends events.

View endpoints →

Project

1 endpoint

Methods for reading project settings.

Read-only project information.

View endpoints →

Endpoint reference

Every Uploadcare API method.

Filter by method, access, or permission, or search any path. Select a row for version detail, rate limits, the related webhook event, and the source.

Hide deprecated

Method	Endpoint	What it does	Access	Permission	Version
Files Methods for listing, reading, storing, deleting, and copying files.8
GET	`/files/`	List files in the project, paginated by next and previous URLs.	read	—	Current
Read-only. Accepts limit (default 100, max 1000), ordering by datetime_uploaded, and a from cursor. Acts onfile Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/files/{uuid}/`	Get information about a single file by its UUID, including its metadata and content_info.	read	—	Current
Read-only. Acts onfile Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PUT	`/files/{uuid}/storage/`	Store a single file, making it permanently available instead of expiring after 24 hours.	write	—	Current
No per-method scope; the project secret key grants this. Acts onfile Permission (capability)None required VersionAvailable since the API’s base version Webhook event`file.stored` Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/files/{uuid}/storage/`	Delete a single file from storage by its UUID.	write	—	Current
Irreversible removal of the file from storage. Acts onfile Permission (capability)None required VersionAvailable since the API’s base version Webhook event`file.deleted` Rate limitStandard limits apply SourceOfficial documentation ↗
PUT	`/files/storage/`	Store multiple files in one request, up to 100 file UUIDs at a time.	write	—	Current
Up to 100 files per request. Acts onfile Permission (capability)None required VersionAvailable since the API’s base version Webhook event`file.stored` Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/files/storage/`	Delete multiple files in one request, up to 100 file UUIDs at a time.	write	—	Current
Up to 100 files per request; irreversible. Acts onfile Permission (capability)None required VersionAvailable since the API’s base version Webhook event`file.deleted` Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/files/local_copy/`	Copy an original file or a modified version of it into the project's default storage.	write	—	Current
Produces a new file in default storage. Acts onfile Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/files/remote_copy/`	Copy an original file or a modified version of it to a custom remote S3 bucket.	write	—	Current
Writes to the project's configured remote storage. Acts onfile Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
File metadata Methods for reading and changing a file's metadata key-value pairs.3
GET	`/files/{uuid}/metadata/`	Get all metadata key-value pairs attached to a file.	read	—	Current
Read-only. Acts onmetadata Permission (capability)None required VersionIntroduced 2022-09-08 Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PUT	`/files/{uuid}/metadata/{key}/`	Set or update the value of a single metadata key on a file.	write	—	Current
Changes the metadata stored on the file. Acts onmetadata Permission (capability)None required VersionIntroduced 2022-09-08 Webhook event`file.info_updated` Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/files/{uuid}/metadata/{key}/`	Delete a single metadata key from a file.	write	—	Current
Removes the named metadata key. Acts onmetadata Permission (capability)None required VersionIntroduced 2022-09-08 Webhook event`file.info_updated` Rate limitStandard limits apply SourceOfficial documentation ↗
Groups Methods for creating, listing, reading, and deleting file groups.3
GET	`/groups/`	List file groups in the project, paginated by next and previous URLs.	read	—	Current
Read-only. Acts ongroup Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/groups/{uuid}/`	Get information about a single file group by its ID, which has the form uuid~filecount.	read	—	Current
Read-only. Acts ongroup Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/groups/{uuid}/`	Delete a file group by its ID. The group object is removed but the files in it are left as is.	write	—	Current
Removes only the group object, not its files. Acts ongroup Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Upload API Methods on the separate Upload API for sending new files into a project.5
POST	`/base/`	Upload a new file directly, up to 100 MB, on the Upload API host upload.uploadcare.com.	write	—	Current
Upload API; authenticates with the public key, not the secret key. Files over 100 MB use multipart. Acts onfile Permission (capability)None required VersionAvailable since the API’s base version Webhook event`file.uploaded` Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/from_url/`	Fetch a file from a public URL into the project; returns a token to poll for upload status.	write	—	Current
Upload API; asynchronous, poll /from_url/status/ with the returned token. Acts onfile Permission (capability)None required VersionAvailable since the API’s base version Webhook event`file.uploaded` Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/multipart/start/`	Begin a multipart upload for a large file; returns presigned URLs for each part.	write	—	Current
Upload API; each part except the last is at least 5 MiB. Acts onfile Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/multipart/complete/`	Finish a multipart upload once all parts are uploaded, producing the final file.	write	—	Current
Upload API; called after all parts are uploaded. Acts onfile Permission (capability)None required VersionAvailable since the API’s base version Webhook event`file.uploaded` Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/group/`	Create a file group from a set of uploaded file UUIDs on the Upload API.	write	—	Current
Upload API; groups are created here, then read and deleted on the REST API. Acts ongroup Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Conversion Methods for converting documents and videos and polling job status.5
POST	`/convert/document/`	Convert a document to another format, optionally saving multi-page output as a group; returns a job token.	write	—	Current
Asynchronous; poll the returned token. save_in_group outputs a group of files. Acts onconversion_job Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/convert/document/{uuid}/`	Read a document's format and the conversion formats available for it before starting a job.	read	—	Current
Read-only. Acts onconversion_job Permission (capability)None required VersionIntroduced 2023-11-07 Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/convert/document/status/{token}/`	Get the status and result of a document conversion job by its token.	read	—	Current
Read-only; poll until the job is finished or failed. Acts onconversion_job Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/convert/video/`	Convert a video's quality, format, and size, cut it, and generate thumbnails; returns a job token.	write	—	Current
Asynchronous; poll the returned token. Outputs mp4, webm, or ogg. Acts onconversion_job Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/convert/video/status/{token}/`	Get the status and result of a video conversion job by its token.	read	—	Current
Read-only; poll until the job is finished or failed. Acts onconversion_job Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Add-ons Methods for running and polling add-on jobs like virus scan and background removal.6
POST	`/addons/uc_clamav_virus_scan/execute/`	Run the ClamAV virus scan add-on on a file; returns a request_id to poll.	write	—	Current
Asynchronous; an infected file fires the file.infected webhook. Acts onaddon_job Permission (capability)None required VersionAvailable since the API’s base version Webhook event`file.infected` Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/addons/uc_clamav_virus_scan/execute/status/`	Get the status of a ClamAV virus scan job by its request_id.	read	—	Current
Read-only; request_id passed as a query parameter. Acts onaddon_job Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/addons/remove_bg/execute/`	Run the Remove.bg background removal add-on on an image; returns a request_id to poll.	write	—	Current
Asynchronous; produces a new file with the background removed. Acts onaddon_job Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/addons/remove_bg/execute/status/`	Get the status of a Remove.bg background removal job by its request_id.	read	—	Current
Read-only; request_id passed as a query parameter. Acts onaddon_job Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/addons/aws_rekognition_detect_labels/execute/`	Run AWS Rekognition label detection on an image; returns a request_id to poll.	write	—	Current
Asynchronous; stores detected labels as appdata on the file. Acts onaddon_job Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/addons/aws_rekognition_detect_labels/execute/status/`	Get the status of an AWS Rekognition label detection job by its request_id.	read	—	Current
Read-only; request_id passed as a query parameter. Acts onaddon_job Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Webhooks Methods for creating, listing, updating, and removing webhook subscriptions.4
POST	`/webhooks/`	Create a webhook subscription for one event type, with an optional signing secret.	write	—	Current
target_url and event are required; signing_secret enables HMAC-SHA256 signatures. Acts onwebhook Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/webhooks/`	List the project's webhook subscriptions.	read	—	Current
Read-only. Acts onwebhook Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PUT	`/webhooks/{id}/`	Update a webhook's attributes, such as its target URL, event, or active state.	write	—	Current
Changes where and whether events are delivered. Acts onwebhook Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/webhooks/unsubscribe/`	Unsubscribe and delete a webhook, identified by its target_url.	write	—	Current
target_url in the request body identifies which webhook to remove. Acts onwebhook Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Project Methods for reading project settings.1
GET	`/project/`	Get information about the account project, such as its name, public key, and collaborators.	read	—	Current
Read-only. Acts onproject Permission (capability)None required VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗

No endpoints match those filters.

Webhooks

Webhook events.

Uploadcare can notify an app when something happens to a file, like a file being uploaded, stored, deleted, or found to be infected. It POSTs an event payload describing what changed, so an integration learns about activity without polling.

Event	What it signals	Triggered by
`file.uploaded`	A new file finished uploading to the project.	In-app only
`file.infected`	A file was found to be infected by the ClamAV virus scan add-on.	`/addons/uc_clamav_virus_scan/execute/`
`file.stored`	A file was stored, making it permanently available rather than expiring as a temporary upload.	`/files/{uuid}/storage/` `/files/storage/`
`file.deleted`	A file was deleted from storage.	`/files/{uuid}/storage/` `/files/storage/`
`file.info_updated`	A file's information changed, for example its metadata was updated.	In-app only

No events match that search.

Rate limits & pagination

Rate limits, pagination & request size.

Uploadcare meters how fast an app can call the REST API and returns a throttled response when a project sends requests too quickly, and it caps how many files a single batch or list call can carry.

Request rate

Uploadcare meters REST API requests per project and returns HTTP 429 with a detail of 'Request was throttled' when a project calls too quickly; a client should back off and retry. The reference does not publish a fixed per-second number for the REST API, so a real integration should treat the limit as discoverable and handle 429 rather than assume a ceiling. Conversion and add-on work is asynchronous: the call that starts a job returns immediately with a token or request_id, and the job runs in the background while the integration polls a status method.

Pagination

List methods are cursor-based. A files or groups list returns next and previous URLs to walk pages, and the files list accepts limit, ordering by datetime_uploaded ascending or descending, and a from cursor. An integration follows the next URL until it is absent rather than computing page offsets.

Request size

The files list returns up to 100 files per page by default and 1000 at most via limit. Batch store and batch delete each accept up to 100 file UUIDs per request. The Upload API base endpoint takes files up to 100 MB in a single request; larger files must use multipart upload, where each part except the last is at least 5 MiB.

Errors

Status codes & error handling.

The status codes an agent should handle, and what to do about each.

Status	Code	Meaning	What to do
400	`bad_request`	The request was malformed, or Uploadcare.Simple authentication was attempted over plain HTTP instead of HTTPS.	Send the request over HTTPS, check the body and parameters against the method, and confirm the trailing slash on the path.
401	`unauthorized`	Authentication failed, with a detail such as 'Incorrect authentication credentials' or 'Invalid signature'.	Check the public and secret keys, and for the signature scheme recompute the HMAC and confirm the Date header is within the 15-minute window.
403	`forbidden`	The credentials are valid but not allowed to perform the request.	Confirm the keys belong to the project that owns the file or resource being acted on.
404	`not_found`	The requested file, group, or resource does not exist in this project.	Verify the UUID and that the resource lives in the project the keys belong to.
406	`not_acceptable`	The Accept header named an unsupported or missing API version.	Set Accept to application/vnd.uploadcare-v0.7+json or another supported version.
429	`throttled`	Too many requests arrived too quickly for the project; the detail field reads 'Request was throttled'.	Back off and retry with exponential backoff, and smooth the request rate.

Versioning & freshness

Version history.

Uploadcare pins one dated REST API version, requested through the Accept header, and keeps a backward-compatible version supported for at least two years after the next major one ships.

Version history

What changed, and when

Latest versionv0.7

v0.7Current version

Current major version (15 August 2022)

Version 0.7 is the current REST API version, pinned through the Accept header as application/vnd.uploadcare-v0.7+json. It restructured file information and added the add-on framework, and has since gained file metadata, new webhook events, and document conversion.

What changed

Moved image_info and video_info into a single content_info object on file responses.
Renamed the add_fields query parameter to include.
Removed several endpoints and introduced the ClamAV virus scan, AWS Rekognition, and Remove.bg add-ons.
Released 15 August 2022 with no deprecation date set.

2023-11-07Feature update

Document conversion info

Added a method to determine a document's format and the conversion options available for it before starting a job.

What changed

Introduced GET /convert/document/{uuid}/ to read a document's format and possible target formats.

2023-09-20Feature update

Multipage document conversion

Document conversion gained the ability to split a multi-page document into a group of files.

What changed

Added the save_in_group parameter to POST /convert/document/ to output a group of files.

2023-07-07Feature update

New webhook events and initiator field

Webhook payloads gained an initiator field and three new event types were added.

What changed

Added the file.stored, file.deleted, and file.info_updated webhook events.
Added an initiator field to every webhook event payload.

2022-09-08Feature update

File metadata

Introduced file metadata, a set of arbitrary key-value pairs attached to a file, with methods to read and change it.

What changed

Added four metadata methods for reading, setting, and deleting metadata keys.
Added a metadata field to the file info response.

Pin v0.7 through the Accept header and move up only when a new major version ships.

Uploadcare REST API changelog ↗

Questions

Uploadcare API, answered.

What's the difference between Uploadcare.Simple and signature authentication?+

Both go in the Authorization header. Uploadcare.Simple sends public_key:secret_key in plain text and is meant for testing, because the secret key travels on every request. The signature scheme sends public_key:signature, where the secret key derives an HMAC-SHA1 signature over the request method, body hash, content type, date, and path, so the secret is never transmitted. The signed request also needs a Date header in RFC 2822 GMT within a 15-minute window. Uploadcare recommends the signature scheme for production.

Do Uploadcare keys have per-method permissions or scopes?+

No. The public and secret keys are project-level, with no granular per-endpoint scopes. A secret key that can call one management method can call all of them for that project. To limit what an agent can do, the restriction has to live in a layer in front of Uploadcare, such as a gateway, rather than in the key itself.

How does the Upload API differ from the REST API?+

Uploading new files happens on a separate Upload API host, authenticated with the public key alone and optionally a signed expiring token, while managing existing files, groups, conversions, project settings, and webhooks happens on the REST API host with the public and secret key pair. A file is created on the Upload API, then referenced by its UUID on the REST API.

How do conversions and add-ons report results?+

They are asynchronous. Starting a document or video conversion returns a token, and running an add-on like virus scan, background removal, or AWS Rekognition returns a request_id. The integration then calls the matching status method with that token or request_id to learn whether the job is pending, finished, or failed, and to get the resulting file or appdata.

How are API versions selected?+

Each request sets the version in its Accept header, for example application/vnd.uploadcare-v0.7+json. Version 0.7 is current. Sending an unsupported or malformed version returns a 406, so an integration pins the version it was built against and changes it deliberately when moving to a new major version.

How does an app verify an Uploadcare webhook?+

When a webhook is created with a signing_secret, Uploadcare signs each delivery with an HMAC-SHA256 of the payload using that secret, and the receiver recomputes the signature over the raw body and compares it before trusting the event. A webhook subscribes to one event type, like file.uploaded or file.infected, and can be paused with is_active.

What is Bollard AI?

Control what every AI agent can do in Uploadcare.

Bollard AI sits between a team's AI agents and Uploadcare. Grant each agent exactly the access it needs, read or write, area by area, and every call is checked and logged.

Set read, write, or full access per agent, never a shared Uploadcare secret key.
Denied by default, so an agent reaches only what has been explicitly allowed.
Every call recorded in plain English: who, what, where, and the decision.

Control Uploadcare access in Bollard Browse all APIs →

Uploadcare

Media Agent

List files ResourceOffReadFull use

Delete files ActionOffReadFull use

Convert documents ActionOffReadFull use

Per-agent access, set in Bollard AI, not in Uploadcare

How the Uploadcare API works.

Connection & authentication methods.

REST API

Upload API

Webhooks

Uploadcare.Simple

Uploadcare signature

Upload API public key

What an AI agent can do in Uploadcare.

Files

File metadata

Groups

Upload API

Conversion

Add-ons

Webhooks

Project

Every Uploadcare API method.

Files

File metadata

Groups

Upload API

Conversion

Add-ons

Webhooks

Project

Webhook events.

Rate limits, pagination & request size.

Request rate

Pagination

Request size

Status codes & error handling.

Version history.

What changed, and when

Uploadcare API, answered.

More storage API guides for agents

Google Drive

Egnyte

Backblaze B2

Dropbox

Box

OneDrive

Control what every AI agent can do in Uploadcare.