Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/WyattBrashear/507ex-utils2/llms.txt

Use this file to discover all available pages before exploring further.

The CAR server exposes two HTTP endpoints. POST /push accepts a .507ex upload and returns a pull URL with a secret code. POST /pull/<file_id> authenticates a download request and streams the binary back to the caller. The FZX2 CLI handles both automatically, but you can also call the endpoints directly with any HTTP client.

POST /push

Upload a .507ex executable to the server. The server stores the file under the provided file_id, generates a 6-digit secret code, persists its SHA-256 hash, and returns the raw code along with the pull URL. Content-Type: multipart/form-data

Request fields

file_id
string
required
The UUID identifier for the file. This value must match the 507ex-id embedded in the executable’s header. The FZX2 CLI extracts this automatically before uploading.
file
file
required
The .507ex binary data to store on the server.

Response fields

status
string
required
Always "success" on a successful upload.
secret_code
string
required
A 6-digit numeric code returned as a string (e.g., "482910"). This is the raw code — the server stores only its SHA-256 hash. Save this value immediately; it cannot be retrieved again.
url
string
required
The full URL to use when pulling the file, in the form http://<server>/pull/<file_id>.

Example

curl --request POST \
  --url http://127.0.0.1:5000/push \
  --form "file_id=a1b2c3d4-e5f6-7890-abcd-ef1234567890" \
  --form "file=@my_app.507ex"
Response: 
{
  "status": "success",
  "secret_code": "482910",
  "url": "http://127.0.0.1:5000/pull/a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}

POST /pull/{file_id}

Download a .507ex executable from the server. The caller must provide the SHA-256 hash of the secret code. The server compares the submitted hash against the stored hash and serves the file only if they match. Content-Type: application/x-www-form-urlencoded

Path parameters

file_id
string
required
The UUID of the executable to download. This is the same value used when uploading with /push.

Request fields

secret_code
string
required
The SHA-256 hex digest of the numeric secret code. The FZX2 CLI hashes the user-supplied code automatically before sending this request. If you are calling the endpoint directly, hash the raw 6-digit code yourself before submitting.

Responses

StatusBodyMeaning
200 OK.507ex binary (attachment)Authentication succeeded; the file is returned as a download.
401 UnauthorizedInvalid secret codeThe submitted hash does not match the stored hash.
404 Not FoundFile not foundNo file with the given file_id exists on the server.
The FZX2 CLI hashes the secret code with SHA-256 before sending it. If you call /pull directly (e.g., with curl), you must hash the code yourself. The raw numeric code will always produce a 401 response.

Example

# Hash the secret code first, then submit the hash
SECRET_HASH=$(echo -n "482910" | sha256sum | awk '{print $1}')

curl --request POST \
  --url http://127.0.0.1:5000/pull/a1b2c3d4-e5f6-7890-abcd-ef1234567890 \
  --data "secret_code=${SECRET_HASH}" \
  --output my_app.507ex
On success, the response body is the raw .507ex binary served as a file attachment. On failure, the body is a plain-text error message.

Build docs developers (and LLMs) love

Get started for freeTalk to us