> ## Documentation Index
> Fetch the complete documentation index at: https://enterprise-docs.dify.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Upload File

> **Available for**: Chatflow, Workflow, Chatbot, Agent, Text Generator apps.

Uploads a file and returns its `id` for later requests to reference. The file belongs to the uploading end user: only requests carrying the same `user` can reference it.

Which file types an app actually consumes depends on its file-upload settings; read them from [Get App Parameters](/en/3.11.x/develop/api/applications/get-app-parameters).



## OpenAPI

````yaml /en/3.11.x/develop/api/openapi_service.json post /files/upload
openapi: 3.0.1
info:
  title: Dify Service API
  description: >-
    REST API for Dify applications and knowledge bases. Application endpoints
    authenticate with an app API key; knowledge endpoints authenticate with a
    dataset API key.
  version: 1.0.0
servers:
  - url: https://{api_base_url}
    description: >-
      Base URL of the Dify Service API. Replace it with your deployment's API
      endpoint.
    variables:
      api_base_url:
        default: api.example.com/v1
        description: Host and path of the API base URL, without the `https://` prefix.
security:
  - ApiKeyAuth: []
tags:
  - name: Chat Messages
    description: Operations related to chat messages and interactions.
  - name: Files
    description: File upload and preview operations.
  - name: End Users
    description: Operations related to end user information.
  - name: Feedback
    description: User feedback operations.
  - name: Conversations
    description: Operations related to managing conversations.
  - name: Audio
    description: Text-to-Speech and Speech-to-Text operations.
  - name: Applications
    description: Operations to retrieve application settings and information.
  - name: Annotations
    description: Operations related to managing annotations for direct replies.
  - name: Human Input
    description: Endpoints for resuming paused workflows that require human input.
  - name: Workflow Runs
    description: Operations for executing and managing workflows.
  - name: Completion Messages
    description: Operations related to text generation and completion.
  - name: Knowledge Bases
    description: >-
      Operations for managing knowledge bases, including creation,
      configuration, and retrieval.
  - name: Documents
    description: >-
      Operations for creating, updating, and managing documents within a
      knowledge base.
  - name: Chunks
    description: Operations for managing document chunks and child chunks.
  - name: Metadata
    description: >-
      Operations for managing knowledge base metadata fields and document
      metadata values.
  - name: Tags
    description: Operations for managing knowledge base tags and tag bindings.
  - name: Models
    description: Operations for retrieving available models.
  - name: Knowledge Pipeline
    description: >-
      Operations for managing and running knowledge pipelines, including
      datasource plugins and pipeline execution.
paths:
  /files/upload:
    post:
      tags:
        - Files
      summary: Upload File
      description: >-
        **Available for**: Chatflow, Workflow, Chatbot, Agent, Text Generator
        apps.


        Uploads a file and returns its `id` for later requests to reference. The
        file belongs to the uploading end user: only requests carrying the same
        `user` can reference it.


        Which file types an app actually consumes depends on its file-upload
        settings; read them from [Get App
        Parameters](/en/3.11.x/develop/api/applications/get-app-parameters).
      operationId: uploadChatFile
      requestBody:
        description: File upload request. Requires multipart/form-data.
        required: true
        content:
          multipart/form-data:
            schema:
              type: object
              required:
                - file
              properties:
                file:
                  type: string
                  format: binary
                  description: >-
                    The file to upload, as one `multipart/form-data` part. The
                    filename must not contain `/` or `\`.


                    Any extension is accepted unless it is on the deployment's
                    security blacklist (`UPLOAD_FILE_EXTENSION_BLACKLIST`, empty
                    by default).


                    Size limits per category: images 10 MB, audio 50 MB, video
                    100 MB, other files 15 MB by default; deployments may
                    override them via the `UPLOAD_*_FILE_SIZE_LIMIT`
                    [environment
                    variables](/en/3.11.x/deploy/advanced-configuration/environment-variables).
                user:
                  type: string
                  description: >-
                    End-user identifier this upload belongs to, defined by your
                    app and unique within it. Omit it to attribute the upload to
                    the shared `DEFAULT-USER`. Only later requests with the same
                    `user` can reference the file. See [End User
                    Identity](/en/3.11.x/develop/api/guides/end-user-identity).
      responses:
        '201':
          description: File uploaded successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/FileUploadResponse'
              examples:
                uploadSuccess:
                  summary: Response Example
                  value:
                    id: a1b2c3d4-5678-90ab-cdef-1234567890ab
                    reference: null
                    name: product-photo.png
                    size: 204800
                    extension: png
                    mime_type: image/png
                    created_by: f1e2d3c4-b5a6-7890-abcd-ef1234567890
                    created_at: 1705407629
                    preview_url: null
                    source_url: >-
                      https://upload.dify.ai/files/a1b2c3d4-5678-90ab-cdef-1234567890ab/file-preview?timestamp=1705407629&nonce=8b3e26a5&sign=rN5DXW3xkVGwGE5MSvptu_BhQVXpMbXWmVJ0ib0LMzI=
                    original_url: null
                    user_id: null
                    tenant_id: 11223344-5566-7788-99aa-bbccddeeff00
                    conversation_id: null
                    file_key: null
        '400':
          description: >-
            - `no_file_uploaded` : No file was provided in the request.

            - `too_many_files` : Only one file is allowed per request.

            - `filename_not_exists_error` : The uploaded file has no filename.

            - `invalid_param` : The filename contains `/` or `\`, or the file's
            extension is on the deployment's blacklist.
          content:
            application/json:
              examples:
                no_file_uploaded:
                  summary: no_file_uploaded
                  value:
                    status: 400
                    code: no_file_uploaded
                    message: Please upload your file.
                too_many_files:
                  summary: too_many_files
                  value:
                    status: 400
                    code: too_many_files
                    message: Only one file is allowed.
                filename_not_exists_error:
                  summary: filename_not_exists_error
                  value:
                    status: 400
                    code: filename_not_exists_error
                    message: The specified filename does not exist.
                invalid_param:
                  summary: invalid_param
                  value:
                    status: 400
                    code: invalid_param
                    message: File extension '.exe' is not allowed for security reasons
        '413':
          description: >-
            `file_too_large` : The file exceeds its category's size limit (see
            the `file` field). The runtime `message` is currently returned as an
            empty string (a known backend quirk); rely on the `code` and status.
          content:
            application/json:
              examples:
                file_too_large:
                  summary: file_too_large
                  value:
                    status: 413
                    code: file_too_large
                    message: ''
        '415':
          description: >-
            `unsupported_file_type` : The uploaded `file` part declares no MIME
            type.
          content:
            application/json:
              examples:
                unsupported_file_type:
                  summary: unsupported_file_type
                  value:
                    status: 415
                    code: unsupported_file_type
                    message: File type not allowed.
      x-codeSamples:
        - lang: bash
          label: cURL
          source: |-
            curl --request POST \
              --url 'https://{api_base_url}/files/upload' \
              --header 'Authorization: Bearer {api_key}' \
              --form 'file=@product-photo.png' \
              --form 'user={user}'
components:
  schemas:
    FileUploadResponse:
      type: object
      properties:
        id:
          type: string
          format: uuid
          description: Unique file ID.
        reference:
          type: string
          nullable: true
          description: >-
            Opaque file reference used internally when attaching files in agent
            and tool contexts. Always `null` for files uploaded through this
            endpoint.
        name:
          type: string
          description: File name.
        size:
          type: integer
          description: File size in bytes.
        extension:
          type: string
          nullable: true
          description: File extension.
        mime_type:
          type: string
          nullable: true
          description: MIME type of the file.
        created_by:
          type: string
          format: uuid
          nullable: true
          description: >-
            End-user ID of the uploader. Look up details with [Get End User
            Info](/en/3.11.x/develop/api/end-users/get-end-user-info).
        created_at:
          type: integer
          format: int64
          description: Upload timestamp (Unix epoch seconds).
        preview_url:
          type: string
          nullable: true
          description: Preview URL for the file.
        source_url:
          type: string
          description: Signed URL for downloading the file.
        original_url:
          type: string
          nullable: true
          description: Original URL of the file.
        user_id:
          type: string
          format: uuid
          nullable: true
          description: Unused; always `null`.
        tenant_id:
          type: string
          format: uuid
          nullable: true
          description: ID of the associated tenant.
        conversation_id:
          type: string
          format: uuid
          nullable: true
          description: ID of the associated conversation.
        file_key:
          type: string
          nullable: true
          description: Unused; always `null`.
  securitySchemes:
    ApiKeyAuth:
      type: http
      scheme: bearer
      bearerFormat: API_KEY
      description: >-
        Every request authenticates with an API key: `Authorization: Bearer
        {API_KEY}`. App endpoints take an app API key; knowledge endpoints take
        a knowledge base API key ([Get
        Started](/en/3.11.x/develop/api/guides/get-started)).


        Keep keys server-side; never embed them in client code. Requests with a
        missing or invalid key fail with HTTP `401` (`unauthorized`).

````