Upload File from URL
Create a file collection by pointing anyformat at an HTTPS URL
When to use this
- The document is in a bucket you can presign (S3, GCS, R2, etc.) and you’d rather hand anyformat the link than route the bytes through your own backend.
- The document lives at a public HTTPS URL.
- You want one round-trip instead of a multipart upload.
Constraints
| Scheme | https:// only — http:// is rejected at the gateway with 400. |
| Fetch timeout | 10 seconds per network phase (connect, read, write, pool). |
| Size cap | 20 MB (mirrors the multipart upload cap). |
| Redirects | Not followed. A 3xx from the supplied URL is treated as a guard rejection and surfaces as a 400 — your URL must serve the bytes directly (no CDN redirects, no URL shorteners). |
| SSRF guard | URLs whose hostname resolves to a non-globally-routable IP (per IANA is_global: loopback, RFC1918, link-local incl. cloud-metadata 169.254.169.254, IPv6 ULA, multicast, reserved, IPv4-mapped IPv6) are rejected before any fetch attempt. |
What happens after the 201
The URL endpoint returns immediately with"status": "pending" and fetches the bytes asynchronously, server-side. The status field on the file listing reflects extraction state, not upload state — a subsequent GET /v2/workflows/{workflow_id}/files/ will continue to report pending until a workflow run is triggered against the returned collection_id, even after the asynchronous fetch has finished and the bytes are in storage. Polling the file listing for an “upload-complete” transition will not work.
The intended next step is to start a run on the returned collection_id straight away (see Run Workflow). The file’s status then moves through queued, in_progress, and processed as the extraction progresses, and the standard polling pattern on GET .../files/ reports those transitions.
Request body
| Field | Type | Required | Description |
|---|---|---|---|
url | string | Yes | HTTPS URL anyformat will fetch the file bytes from. |
filename | string | Yes | Filename to record on the uploaded file. |
content_type | string | No | MIME type of the file. Leave empty (or omit) to use the URL’s response Content-Type header. |
Error responses
| Status | When |
|---|---|
400 | URL uses a disallowed scheme (http://, file://, …), resolves to a non-public IP, returns a 3xx redirect, or returns a body larger than the 20 MB cap — anything the SSRF guard or fetcher treats as structurally unacceptable input. |
422 | The upstream URL prevented processing — connection timed out, hostname did not resolve, or the target returned a 4xx/5xx response. |
Authorizations
API key issued from app.anyformat.ai/api-key. Send as Authorization: Bearer <key>.
Path Parameters
Body
Payload for creating a file collection from a single remote URL.
Single URL per request keeps the wire shape predictable; SDKs that need
batches wrap the call. content_type may be empty — the backend
falls back to the response's Content-Type header in that case.
Only HTTPS URLs are accepted. The backend additionally runs a DNS+IP
SSRF guard before the fetch — URLs whose hostname resolves to a
non-globally-routable IP (per IANA is_global: loopback, RFC1918,
link-local incl. cloud-metadata 169.254.169.254, IPv6 ULA, multicast,
reserved, IPv4-mapped IPv6) are refused. Enforcing the scheme at the
gateway means malformed requests fail fast without traversing the
backend.
HTTPS URL the backend will fetch the file bytes from.
"https://example.com/invoices/april.pdf"
Filename to record on the uploaded file.
"april.pdf"
MIME type of the file. Leave empty to use the URL's response Content-Type header.
"application/pdf"
Response
Successful Response
Response from creating a file collection. Contains the collection ID and the status of each uploaded file.
Unique identifier of the newly created file collection.
"069dcc2c-e14c-7606-8000-2ee4fb17b4e1"
List of files included in the collection, with their upload status.
The UUID of the workflow this collection belongs to.
"0686bb97-8c30-70f0-8000-97669e000eb8"
Human-readable name for the collection.
Files the backend refused to accept — unsupported extension at slot-time or disguised bytes at register-time. Empty when every file uploaded cleanly.
