API Documentation

Full REST API reference for GDShine. Authenticate via Bearer JWT or API key.

Authentication

Pick ONE of the following mechanisms. Do not combine them.

Bearer Token (for web + SDK)

Authorization: Bearer <jwt-from-login>

API Key (for integrations)

X-API-Key: ds_your_api_key

Create one from /dashboard/api-keys. Keys are shown only once — copy immediately.

Response format

All responses follow this shape:

{
  "success": true | false,
  "data": { ... },
  "error": "Error message (if success is false)",
  "code": 400,
  "pagination": { "total": 100, "page": 1, "perPage": 20, "totalPages": 5 }
}

Rate limits

All responses include rate-limit headers you can inspect:

X-RateLimit-Limit: 120
X-RateLimit-Remaining: 119
X-RateLimit-Window: 60
Retry-After: 42            (present only on 429 responses)

Exceeding the limit returns HTTP 429. Limits per endpoint are shown in the "Rate limit" row on each endpoint below.

Authentication

All authenticated endpoints accept either a Bearer JWT (returned from login) or an API key via the X-API-Key header.

Files

Manage files you've uploaded. Public files can be viewed without auth.

Downloads

Initiate file downloads. Downloads are rate-limited per IP + user.

Drives

Manage connected Google Drive accounts. Personal drives are limited to 1 per user.

Share Links

Create time-limited, optionally password-protected share links.

Billing & Payments

Subscriptions, invoices, and UPI/bank/crypto/PayPal payment requests.

API Keys

Create API keys for programmatic access. Each key is shown once at creation.

Public API (v1) — for 3rd-party integrations

Rate-limited programmatic API designed for external apps. Requires API key via X-API-Key header.

Config & Misc

Public metadata useful for apps, landing pages, etc.

Admin API

Admin-only endpoints under /api/admin/* are intentionally not documented here — they require admin role and are subject to change.