Developer API – WhiteCodel App Share

Base URL

https://tools.whitecodel.com/app-share

Authentication

Upload endpoints accept either:

Token (App Password) – Send your App Password in the token header. Use this for scripts, CI, or curl.
Session – Log in on the website; the session cookie is used automatically.

How to get and use an App Password (full steps):

Log in at tools.whitecodel.com.
Go to Account (your account page).
In the App Passwords section, click Create App Password.
Copy the generated password immediately — it is shown only once. You can have up to 5 App Passwords per account.
Use this value in the token header for all API requests (see examples below).

Header for API requests:

token: YOUR_APP_PASSWORD

Your account must have an active App Share subscription. If the token is missing or invalid, you get 401 (or a login prompt when using the web UI).

POST /uploadFile

Upload an APK or IPA file using multipart/form-data.

Headers:

token – Your App Password (required for API; omit if using session cookie)

Form fields – Required:

file – APK or IPA file

Form fields – Optional:

comment – Release notes (HTML supported; shown on app page)
password – Protect app page with a password
slug – Custom URL slug (e.g. my-app); must be unique
expiresInDays – 1–30; default 30

Example (curl):

curl --location 'https://tools.whitecodel.com/app-share/uploadFile' \
  --header 'token: YOUR_APP_PASSWORD' \
  --form 'file=@"/path/to/your/app.apk"' \
  --form 'comment="Version 1.2 fixes"' \
  --form 'expiresInDays="14"'

POST /uploadFromUrl

Upload an APK or IPA from a remote URL. Send a JSON body (not form-data).

Headers:

token – Your App Password (required for API)
Content-Type: application/json – Required

Body (JSON):

fileUrl – (required) Public URL of the APK or IPA
comment – Release notes (optional)
password – Protect app page with a password (optional)
slug – Custom URL slug (optional)
expiresInDays – 1–30; default 30 (optional)

Example (curl):

curl --location 'https://tools.whitecodel.com/app-share/uploadFromUrl' \
  --header 'token: YOUR_APP_PASSWORD' \
  --header 'Content-Type: application/json' \
  --data '{
    "fileUrl": "https://example.com/build.apk",
    "comment": "CI build",
    "expiresInDays": 14
  }'

Response (upload endpoints)

200 OK returns { appMetaDoc: { ... } } with:

_id – App ID
appUrl – Full share URL (?app_id=...)
appShortUrl – Short URL (/app-share/app/:slug)
downloadUrl – Direct download URL
installUrl – Install URL (Android direct; iOS manifest)
name, version, type (apk/ipa), etc.

Errors: 400 (validation), 401 (invalid token / not logged in), 402 (subscription required), 500 (server error).

Public endpoints (no auth)

GET /app?app_id=:id – App page (HTML)
GET /app/:slug – App page by slug (HTML)
GET /download?app_id=:id – Redirect to file (counts download)
GET /install?app_id=:id – Redirect to install URL (counts download)
GET /icon?app_id=:id – App icon (image)

Account – edit app details

When logged in via session:

GET /account/app/:app_id – Get app details for edit (JSON: name, comment, hasPassword)
PATCH /account/app/:app_id – Update comment and/or password (body: comment, password, removePassword)