The file endpoints are the heart of Vaulx’s browser-based interface. They serve full HTML pages for direct navigation and lightweight HTMX partials for in-page updates — the same routes handle both, determined by the presence of theDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/noelzappy/vaulx/llms.txt
Use this file to discover all available pages before exploring further.
HX-Request: true request header. All endpoints require an active session cookie; unauthenticated requests are rejected with 401 Unauthorized.
List root files
Page number. Must be a positive integer.
Number of files per page. Maximum value is
100.200 OK — full HTML page (FilesPage) or an HTMX content partial (FileBrowserContent) when HX-Request: true is present. Pagination controls are rendered only for admin users.
Error responses:
| Status | Condition |
|---|---|
401 Unauthorized | No active session. |
500 Internal Server Error | Database query failure. |
List folder contents
UUID of the folder to open.
Page number. Ignored for non-admin users (all permitted items are returned).
Items per page (admin only). Maximum
100.200 OK — HTML page with the folder’s contents and a breadcrumb trail.
Error responses:
| Status | Condition |
|---|---|
400 Bad Request | folderID is not a valid UUID. |
403 Forbidden | Authenticated user has no access to this folder. |
404 Not Found | No folder with that ID exists. |
500 Internal Server Error | Database query failure. |
Access is evaluated first against folder ownership (
owner_id). If the user is neither the owner nor an admin, the server checks the permissions table for an explicit grant on this folder resource before returning 403.Search files and folders
ILIKE search across all active file names (up to 100 results) and folder names (up to 50 results). When q is empty or whitespace-only the request falls back to the standard root listing.
Authentication: Required (any role)
Search term. Matched with
ILIKE '%term%' against files.name and folders.name.200 OK
- When
HX-Request: true— returns aSearchResultsHTML partial suitable for HTMX swap. - Otherwise — returns a full
SearchPageHTML document.
| Status | Condition |
|---|---|
401 Unauthorized | No active session. |
500 Internal Server Error | Search query failure. |
Delete a file
status column is set to 'deleted' and it moves to the trash. Passing permanent=true performs a hard delete: the S3 object is removed first, then the database row is deleted entirely. Hard delete is restricted to admins.
Authentication: Required (editor role; admin for hard delete)
UUID of the file to delete.
Set to
true to permanently remove the S3 object and the database row. Admin only.200 OK with an HX-Trigger header:
| Status | Condition |
|---|---|
400 Bad Request | fileID is not a valid UUID. |
401 Unauthorized | No active session. |
403 Forbidden | User is not an editor, or is an editor but did not upload this file, or permanent=true was used by a non-admin. |
404 Not Found | No file with that ID exists. |
500 Internal Server Error | Database or S3 operation failed. |
Rename a file
FileCard HTML partial so HTMX can swap it in place.
Authentication: Required (editor who uploaded the file, or admin)
UUID of the file to rename.
application/x-www-form-urlencoded):
The new display name for the file. Cannot be empty.
200 OK — FileCard HTML partial with HX-Trigger:
| Status | Condition |
|---|---|
400 Bad Request | fileID invalid, form parse error, or name is empty. |
401 Unauthorized | No active session. |
403 Forbidden | User is not an editor, or did not upload this file and is not an admin. |
404 Not Found | No active file with that ID. |
500 Internal Server Error | Database update failed. |
Move a file to a folder
folderId string to move the file to the root level. Returns the refreshed FileCard HTML partial.
Authentication: Required (editor+)
UUID of the file to move.
application/json):
UUID of the destination folder. Pass an empty string
"" to move the file to the root (no folder).200 OK — updated FileCard HTML partial with HX-Trigger:
| Status | Condition |
|---|---|
400 Bad Request | fileID or folderId is not a valid UUID, or the JSON body cannot be decoded. |
403 Forbidden | No active session or user is not at least an editor. |
500 Internal Server Error | Database update failed. |
Preview a file
PreviewPanel HTML partial. Intended for HTMX-driven side-panel previews in the file browser. Only files with status = 'active' are previewable.
Authentication: Required (any role)
UUID of the file to preview.
200 OK — PreviewPanel HTML partial containing the presigned URL and file metadata.
Error responses:
| Status | Condition |
|---|---|
400 Bad Request | fileID is not a valid UUID. |
401 Unauthorized | No active session. |
403 Forbidden | User is not the uploader, not an admin, and has no permission grant on this file. |
404 Not Found | File does not exist or status != 'active'. |
500 Internal Server Error | Presigned URL generation failed. |
The presigned URL embedded in the
PreviewPanel is valid for 5 minutes (generated via storage.PresignGETWithTTL). It is intended for in-browser inline preview only. For a direct force-download, use the download endpoint instead.List all folders (JSON)
200 OK — application/json
Folder UUID.
Folder display name.
| Status | Condition |
|---|---|
401 Unauthorized | No active session. |
500 Internal Server Error | Database query failed. |