Skip to main content

Documentation Index

Fetch the complete documentation index at: https://productlane.mintlify.dev/docs/llms.txt

Use this file to discover all available pages before exploring further.

The POST /api/v2/files endpoint accepts a multipart/form-data upload and returns a CDN URL you can reference from any other v2 resource that accepts file URLs (changelog image_url, help center article body, thread message attachments, etc.). This is the only v2 endpoint that does not accept JSON - multipart is required because we stream the upload straight to storage without buffering the whole file in memory.

Authentication

Standard v2 bearer auth. The key must have the files:write scope. 
Authorization: Bearer pl_v2_xxxxxxxxxxxxxxxxxxxxxxxxxx

Limits

LimitValue
Max file size10 MB per request
Per-key burst30 uploads / minute
Per-workspace daily500 uploads / day
Standard v2 write rate limit (60/min/key) also applies, in addition to the upload-specific budget above.

Allowed content types

Uploads are validated by Content-Type. Anything outside this list is rejected with 400 validation_failed. image/svg+xml, text/html, and application/octet-stream are deliberately excluded to prevent hosting hostile content. Images
  • image/png
  • image/jpeg
  • image/gif
  • image/webp
Documents
  • application/pdf
  • application/msword (.doc)
  • application/vnd.openxmlformats-officedocument.wordprocessingml.document (.docx)
  • application/vnd.ms-excel (.xls)
  • application/vnd.openxmlformats-officedocument.spreadsheetml.sheet (.xlsx)
  • application/vnd.ms-powerpoint (.ppt)
  • application/vnd.openxmlformats-officedocument.presentationml.presentation (.pptx)
  • text/csv
  • text/plain

Request

POST https://productlane.com/api/v2/files Body: multipart/form-data with a single field named file.
FieldTypeRequiredDescription
filebinaryyesThe file to upload. Must match one of the allowed content types and be ≤ 10 MB.
curl -X POST https://productlane.com/api/v2/files \
  -H "Authorization: Bearer pl_v2_xxxxxxxxxxxxxxxxxxxxxxxxxx" \
  -F "file=@./logo.png"

Response

200 OK 
{
  "file_url": "https://assets.productlane.com/workspaces/ws_.../api/key_.../9f3a....png",
  "content_type": "image/png",
  "size": 24512,
  "original_file_name": "logo.png"
}
FieldDescription
file_urlPublic CDN URL of the uploaded file. Pass this to any endpoint that accepts a file URL.
content_typeNormalized lowercase content type the server stored.
sizeFile size in bytes after upload.
original_file_nameFilename you uploaded with, if any. null if the multipart part had no filename.
The returned URL is scoped to your workspace and tagged with the API key id that uploaded it, so a compromised key can be cleaned up in one sweep.

Using the URL

The most common destinations:
  • Changelog cover image - pass file_url as image_url on POST /changelogs or PATCH /changelogs/{id}.
  • Help center article body - embed the URL inline in the article HTML you send to POST /docs/articles (<img src="...">).
  • Thread message attachments - pass the URL as part of the attachments array on POST /threads/{thread_id}/messages.

Errors

The standard v2 error envelope is returned for every non-2xx response.
StatusCodeWhen
400validation_failedMissing file field, content type not allowed, or other validation.
401unauthenticatedMissing or invalid bearer token.
403scope_requiredKey does not have the files:write scope.
410unsupported_key_versionv1 key (pl_*) hit this endpoint. Mint a v2 key.
413validation_failedFile exceeds the 10 MB limit.
429rate_limitedPer-key or per-workspace upload budget exhausted.
Example error: 
{
  "error": {
    "code": "validation_failed",
    "message": "Content type \"image/svg+xml\" is not allowed for uploads.",
    "details": {
      "allowed": [
        "application/pdf",
        "image/gif",
        "image/jpeg",
        "image/png",
        "image/webp",
        "text/csv",
        "text/plain"
      ]
    },
    "request_id": "req_01HXY..."
  }
}
Every response carries an X-Request-Id header. Include it when contacting support.

Notes

  • No deletion endpoint. Uploaded files persist; we don’t currently expose a way to delete them. If you need a file gone (e.g. credential leak in an upload), revoke the key and contact support.
  • CDN is public. Don’t upload anything that should be private - the URL is unguessable but not auth-gated.
  • Retries are safe but produce a new URL. This endpoint has no idempotency key; retrying an upload uploads the same content twice and returns two different URLs.