Developer Docs

dlvr.sh / Overview
Home API

Get Started

Overview

Everything a user needs to start using dlvr.sh today: web uploads, share links, REST API paths, limits, and the current security model.

Quickstart

dlvr.sh is built for temporary file delivery. Upload a file in the web UI or through the API, get a short share link, and let the service handle expiry, optional passwords, and download limits.

The fastest way to try the service is the homepage uploader. For automation, use the REST API. Small files can go through a single multipart request. Larger files use a two-step direct upload flow.

Web

Choose a file, set a duration, optionally add a password or download limit, and upload from the homepage.

REST API

Use POST /api/upload for smaller files or the direct upload session flow for larger ones.

Small file via REST

curl -X POST https://dlvr.sh/api/upload \
  -F "file=@./report.pdf" \
  -F "duration=24h" \
  -F "password=secret" \
  -F "maxDownloads=10" \
  -F "notify=team@example.com"

Web uploads

The homepage uploader supports one file at a time and exposes the same core options as the API: duration, password, max downloads, and optional notification emails.

  • Smaller files upload inline through the Worker.
  • Larger files switch to a direct upload flow when direct uploads are enabled on the deployment.
  • Successful uploads return a short share URL in the form /f/<short-id>/.
  • The success state lets you copy the share link immediately.

Direct upload availability

Large-file direct uploads depend on server-side R2 signing being configured on the deployment. If direct uploads are not enabled, the large-file API path returns 503.

Limits and current behavior

Item Current behavior
Inline API upload About 95 MiB
Overall file size limit 2 GiB
Durations 1h, 24h, 3d, 7d
Max downloads Optional, normalized to a positive integer up to 10,000
Authentication No user auth required today

Large-file REST uploads are two-step

A single curl -F request is only for the inline upload path. Larger REST uploads use POST /api/uploads, an R2 upload URL, and then POST /api/uploads/:uploadId/complete.

Security and privacy

dlvr.sh is designed for temporary delivery, not permanent storage. Files can be protected with a password, limited by download count, and expire automatically based on the selected duration.

  • Passwords are supported on uploads and required on download when set.
  • Notification emails include the share URL and file metadata, but not the plaintext password.
  • The service stores the metadata required to enforce expiry, passwords, and download limits.
  • The public share link is the only thing needed to reach the download page unless a password is configured.

For public endpoint reference and request examples, continue to the REST API docs.