The API

Sysctl AB - 2017-10-12

Background

Deaddrop can be used from a program by using the API. The API using the same requsts that the javascript in the web interface uses. This documentation will explain how it works to create an integration with deaddrop for machine to machine communication.

The API will change in the future and customers who has notified sysctl that they using the API will get notification before upgrades or changes in the API to ensure their software can be upgraded in time before the changes.


API - 1.0

Workflows

Its possible to do different tasks, like sending a file to a receiver or permit a contact to use deaddrop for a limit time. Its also possible to get the history etc. All data except the file upload and download will use the JSON format.


API - Workflows - 1.1

Send a file to receiver


API - Workflows - 1.2

Get a list of contacts


API - Workflows - 1.3

Remove a contact

Removing a contact is the same function as when adding contacts, its a list of new contacts. To remove all contacts, just send and empty JSON array “[]”


API - Workflows - 1.4

Remove a contact as a receiver

Removing a contact as a receiver is the same function as when adding contacts as a receiver, its a list of contacts. To remove all contacts as receivers, just send and empty JSON array “[]”


API - Workflows - 1.5

Remove a uploaded file


API - Workflows - 1.6

Get history and active downloads


API - Workflows - 1.7

Download an incoming file


API - 2.0

API


API - API - 2.1

Get CSRF token

The CSRF token is accessible from a http respons when sending a GET to a users index page. The value from the hidden input-tag "csrftoken" is the CSRF token that is needed for all CGI requests Sse the example of the input field below with CSRF-token in bold font.

<input type=\"hidden\" id=\"csrftoken\" name=\"csrftoken\" value=\"**1dJMRBNRMacGnfRzhpgda7Sq7eU=**\"\>

This value needs to be used in ALL CGI requests.

Dont forget the trailing slash in the URL.

Description

Request

GET https://deaddrop.syctl.se/apiuser@sysctl.se/

Response

index html code which include the CSRF token

Curl

curl -u apiuser@sysctl.se:apipassword https://deaddrop.sysctl.se/apiuser@sysctl.se/

Raw HTTP

> GET /apiuser@sysctl.se/ HTTP/1.1
> Authorization: Basic YXBpdXNlckBzeXNjdGwuc2U6YXBpcGFzc3dvcmQ=
> Host: deaddrop.sysctl.se
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Wed, 11 Oct 2017 00:30:57 GMT
< Server: Apache
< Strict-Transport-Security: max-age=15768000
< Content-Security-Policy: default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; child-src 'self'; object-src 'self';
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-UA-Compatible: IE=edge
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, must-revalidate
< Expires: 0
< Pragma: no-cache
< Content-Length: 34287
< Content-Type: text/html; charset=utf-8
<
< <!DOCTYPE html>
< <html lang='en'>
< <head>
< ...
< ...
< </footer>
< <input type="hidden" id="refreshed" value="no"><input type="hidden" id="csrftoken" name="csrftoken" value="1dJMRBNRMacGnfRzhpgda7Sq7eU="></body></html>

API - API - 2.2

Get contacts

Before adding a contact i can be goog to verify if the contact already exist. Adding a contact is not possible if they already exist.

Description

Request

GET https://deaddrop.syctl.se/apiuser@sysctl.se/cgi/contacts_read.cgi

Response

json array of contacts objects or empty array if no contacts exists or empty array if no contacts exists

Curl

curl -u apiuser@sysctl.se:apipassword -H "CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=" https://deaddrop.domain.se:443/apiuser@sysctl.se/cgi/contacts_read.cgi

Raw HTML

> GET /apiuser@sysctl.se/cgi/contacts_read.cgi HTTP/1.1
> Authorization: Basic YXBpdXNlckBzeXNjdGwuc2U6YXBpcGFzc3dvcmQ=
> Host: deaddrop.sysctl.se
> Accept: */*
> CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=
>
< HTTP/1.1 200 OK
< Date: Sat, 14 Oct 2017 03:17:09 GMT
< Server: Apache
< Strict-Transport-Security: max-age=15768000
< Content-Security-Policy: default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; child-src 'self'; object-src 'self';
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-UA-Compatible: IE=edge
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, must-revalidate
< Expires: 0
< Pragma: no-cache
< Content-Length: 105
< Content-Type: application/json; charset=utf-8
<
<[{"email":"contact@sysctl.se","number":"123456789","language":"en","groups":["sysctl"],"nick":"contact"}]

API - API - 2.3

Add a contact

To send a file to a receiver at least one contact is needed, the contacts can be the receivers of the file. A contact can also be used to allow temporary use of deaddrop functionality for a limit time.

Description

Request

POST https://deaddrop.sysctl.se/apiuser@sysctl.se/cgi/receivers_set.cgi
POST data: json array with contact

Response

json object with status code

Curl

curl -u apiuser@sysctl.se:apipassword -H "CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=" -H "Content-Type: application/json" -X POST -d '[{"email":"contact@sysctl.se","number":"123456789","language":"en","groups":["sysctl"],"nick":"contact"}]' https://deaddrop.sysctl.se/apiuser@sysctl.se/cgi/receivers_set.cgi

Raw HTML

> POST /apiuser@sysctl.se/cgi/receivers_set.cgi HTTP/1.1
> Authorization: Basic YXBpdXNlckBzeXNjdGwuc2U6YXBpcGFzc3dvcmQ=
> Host: deaddrop.sysctl.se
> Accept: */*
> CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=
> Content-Type: application/json
> Content-Length: 105
>
> [{"email":"contact@sysctl.se","number":"123456789","language":"en","groups":["sysctl"],"nick":"contact"}]
>
< HTTP/1.1 200 OK
< Date: Wed, 11 Oct 2017 00:52:02 GMT
< Server: Apache
< Strict-Transport-Security: max-age=15768000
< Content-Security-Policy: default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; child-src 'self'; object-src 'self';
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-UA-Compatible: IE=edge
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, must-revalidate
< Expires: 0
< Pragma: no-cache
< Content-Length: 15
< Content-Type: application/json; charset=utf-8
<
< {"status":"ok"}

API - API - 2.4

Add contacts as receivers

To send a file to a receiver a contact must be added as a receiver. One more many contacts can be receivers.

Description

Request

POST https://deaddrop.sysctl.se/apiuser@sysctl.se/cgi/receivers_set.cgi
POST data: array with receiver(s)

Response

object with status code

Curl

curl -u apiuser@sysctl.se:apipassword -H "CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=" -H "Content-Type: application/json" -X POST -d '[{"email":"contact@sysctl.se","number":"123456789","language":"en","groups":["sysctl"],"nick":"contact"}]' https://deaddrop.sysctl.se/apiuser@sysctl.se/cgi/receivers_set.cgi

Raw HTML

> POST /apiuser@sysctl.se/cgi/receivers_set.cgi HTTP/1.1
> Authorization: Basic YXBpdXNlckBzeXNjdGwuc2U6YXBpcGFzc3dvcmQ=
> Host: deaddrop.sysctl.se
> Accept: */*
> CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=
> Content-Type: application/json
> Content-Length: 105
>
> [{"email":"contact@sysctl.se","number":"123456789","language":"en","groups":["sysctl"],"nick":"contact"}] 
>
< HTTP/1.1 200 OK
< Date: Wed, 11 Oct 2017 08:05:46 GMT
< Server: Apache
< Strict-Transport-Security: max-age=15768000
< Content-Security-Policy: default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; child-src 'self'; object-src 'self';
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-UA-Compatible: IE=edge
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, must-revalidate
< Expires: 0
< Pragma: no-cache
< Content-Length: 15
< Content-Type: application/json; charset=utf-8
<
< {"status":"ok"}

API - API - 2.5

Get uploaded files

To get all the files that has been uploaded

Description

Request

GET https://deaddrop.syctl.se/apiuser@sysctl.se/cgi/get_files.cgi

Response

json array of objects or empty array if no file exists

Curl

curl -u apiuser@sysctl.se:apipassword -H "CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=" https://deaddrop.domain.se:443/apiuser@sysctl.se/cgi/get_files.cgi

Raw HTML

> GET /testuser@sysctl.se/cgi/get_files.cgi HTTP/1.1
> Authorization: Basic YXBpdXNlckBzeXNjdGwuc2U6YXBpcGFzc3dvcmQ=
> Host: deaddrop.sysctl.se
> Accept: */*
> CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=
> 
< HTTP/1.1 200 OK
< Date: Wed, 03 Oct 2018 19:48:00 GMT
< Server: Apache
< Strict-Transport-Security: max-age=15768000
< Content-Security-Policy: default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; child-src 'self'; object-src 'self';
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-UA-Compatible: IE=edge
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, must-revalidate
< Expires: 0
< Pragma: no-cache
< Content-Length: 71
< Content-Type: application/json; charset=utf-8
< 
< [{"name":"gigfile","type":"application/octet-stream","size":"1.07 GB"}]

API - API - 2.6

Delete a uploaded file

To delete a file, get the uploaded files list and remove a file by using the file name as argumrnt in the get request

Description

Request

GET https://deaddrop.syctl.se/apiuser@sysctl.se/cgi/remove_file.cgi?filename=gigfile

Response

json status

Curl

curl -u apiuser@sysctl.se:apipassword -H "CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=" https://deaddrop.domain.se:443/apiuser@sysctl.se/cgi/remove_file.cgi?filename=gigfile

Raw HTML

> GET /testuser@sysctl.se/cgi/remove_file.cgi?filename=gigfile HTTP/1.1
> Authorization: Basic YXBpdXNlckBzeXNjdGwuc2U6YXBpcGFzc3dvcmQ=
> Host: deaddrop.sysctl.se
> Accept: */*
> CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=
> 
< HTTP/1.1 200 OK
< Date: Wed, 03 Oct 2018 19:48:00 GMT
< Server: Apache
< Strict-Transport-Security: max-age=15768000
< Content-Security-Policy: default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; child-src 'self'; object-src 'self';
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-UA-Compatible: IE=edge
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, must-revalidate
< Expires: 0
< Pragma: no-cache
< Content-Length: 20
< Content-Type: application/json; charset=utf-8
< 
< {"status":"deldone"}

API - API - 2.7

Upload a file

One or more files can be uploaded to deaddrop and in the next step be shared to receivers The upload are using multipart/form-data

Description

Request

POST https://deaddrop.sysctl.se/apiuser@sysctl.se/cgi/upload.cgi
do=upload
file data

Response

json object with status code

Curl

curl -u apiuser@sysctl.se:apipassword -H "CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=" -F do=upload -F file=@/var/deaddrop/html/favicon.png https://deaddrop.sysctl.se/apiuser@sysctl.se/cgi/upload.cgi

Raw HTML

> POST /apiuser@sysctl.se/cgi/upload.cgi HTTP/1.1
> Authorization: Basic YXBpdXNlckBzeXNjdGwuc2U6YXBpcGFzc3dvcmQ=
> Host: deaddrop.sysctl.se
> Accept: */*
> CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=
> Content-Length: 2756
> Expect: 100-continue
> Content-Type: multipart/form-data; boundary=----------------------------9be544cb78fe
>
> data of file
>
< HTTP/1.1 100 Continue
< HTTP/1.1 200 OK
< Date: Wed, 11 Oct 2017 18:55:54 GMT
< Server: Apache
< Strict-Transport-Security: max-age=15768000
< Content-Security-Policy: default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; child-src 'self'; object-src 'self';
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-UA-Compatible: IE=edge
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, must-revalidate
< Expires: 0
< Pragma: no-cache
< Transfer-Encoding: chunked
< Content-Type: application/json; charset=utf-8
<
< {"status":"done"}

API - API - 2.8

Create deaddrop

Create deaddrop will send receivers list with the uploaded file(s) togheter with the post data to the backend. The backend will create download pages for all receivers.

Description

Request

POST https://deaddrop.sysctl.se/apiuser@sysctl.se/cgi/createdeaddrop.cgi
{"desttime":1,"ddmessage":"You have received this mail because you are allowed to download protected files delivered by the deaddrop service"}

Response

json object with status code

Curl

curl -u apiuser@sysctl.se:apipassword -H "CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=" -H "Content-Type: application/json" -X POST -d '{"desttime":1,"ddmessage":"You have received this mail because you are allowed to download protected files delivered by the deaddrop service"}' https://deaddrop.sysctl.se/apiuser@sysctl.se/cgi/createdeaddrop.cgi

Raw HTML

> POST /apiuser@sysctl.se/cgi/createdeaddrop.cgi HTTP/1.1
> Authorization: Basic YXBpdXNlckBzeXNjdGwuc2U6YXBpcGFzc3dvcmQ=
> Host: deaddrop.sysctl.se
> Accept: */*
> CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=
> Content-Type: application/json
> Content-Length: 142
>
> {"desttime":1,"ddmessage":"You have received this mail because you are allowed to download protected files delivered by the deaddrop service"}
>
< HTTP/1.1 200 OK
< Date: Wed, 11 Oct 2017 19:03:42 GMT
< Server: Apache
< Strict-Transport-Security: max-age=15768000
< Content-Security-Policy: default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; child-src 'self'; object-src 'self';
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-UA-Compatible: IE=edge
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, must-revalidate
< Expires: 0
< Pragma: no-cache
< Content-Length: 15
< Content-Type: application/json; charset=utf-8
<
< {"status":"ok"}

API - API - 2.9

Get history

Get the history of created deaddrops (shared files) and to get a list of files that can be downloaded

Description

Request

GET https://deaddrop.sysctl.se/apiuser@sysctl.se/cgi/get_history.cgi

Response

json object with status code

Curl

curl -u apiuser@sysctl.se:apipassword -H "CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=" https://deaddrop.domain.se:443/apiuser@sysctl.se/cgi/get_history.cgi

Raw HTML

> GET /testuser@sysctl.se/cgi/get_history.cgi HTTP/1.1
> Authorization: Basic YXBpdXNlckBzeXNjdGwuc2U6YXBpcGFzc3dvcmQ=
> Host: deaddrop.sysctl.se
> Accept: */*
> CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=
> Content-Type: application/json
> 
< HTTP/1.1 200 OK
< Date: Wed, 03 Oct 2018 20:56:49 GMT
< Server: Apache
< Strict-Transport-Security: max-age=15768000
< Content-Security-Policy: default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; child-src 'self'; object-src 'self';
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-UA-Compatible: IE=edge
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, must-revalidate
< Expires: 0
< Pragma: no-cache
< Content-Length: 1452
< Content-Type: application/json; charset=utf-8
<
< {"history":[{"deaddrop_type":"downloadfiles","create_time":"1538593281","ttl":"1","receivers":[{"email":"contact@sysctl.se","language":"en","number":"123456789","groups":["sysctl"],"nick":"contact"}],"ddmessage":"You have received this mail because you are allowed to download protected files delivered by the deaddrop service","sender":{"email":"testuser@sysctl.se","number":"46733755989","lang":"sv","first_run":"false","accountType":"perm","change_passwd":"false","settings":{"show_number":"true","show_email":"true","show_lang":"false","show_nick":"true"}},"files":[{"name": "favicon.png", "settings":"[]"}]},{"deaddrop_type":"downloadfiles","create_time":"1538600193","ttl":"1","receivers":[{"email":"testuser@sysctl.se","language":"en","number":"124456789","name":"","groups":["sysctl"],"nick":"testuser"}],"ddmessage":"You have received this mail because you are allowed to download protected files delivered by the deaddrop service","sender":{"email":"testuser@sysctl.se","number":"46733755989","lang":"sv","first_run":"false","accountType":"perm","change_passwd":"false","settings":{"show_number":"true","show_email":"true","show_lang":"false","show_nick":"true"}},"files":[{"name": "exfat.jpg", "settings":"[]"}]}],"live_deaddrops":"1","inbox":[{"ttl":"1","createtime":"1538600197","sender":"testuser@sysctl.se","files":[{"name":"exfat.jpg","settings":"[]"}],"url":"9e025a8b12526ef0eb0f79348abe9342c4cd107a909ddb4cea7ae44ff69890f8"}]}

API - API - 2.10

Download a file

To download a file the JSON data from “get history” must be parsed to get the correct url. This is explained in the data format section.

Description

Request

GET https://deaddrop.syctl.se/apiuser@sysctl.se/9e025a8b12526ef0eb0f79348abe9342c4cd107a909ddb4cea7ae44ff69890f8/files/exfat.jpg

Response

json status

Curl

curl -o exfat.jpg -u apiuser@sysctl.se:apipassword -H "CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=" https://deaddrop.domain.se:443/apiuser@sysctl.se/9e025a8b12526ef0eb0f79348abe9342c4cd107a909ddb4cea7ae44ff69890f8/files/exfat.jpg

Raw HTML

> GET /testuser@sysctl.se/9e025a8b12526ef0eb0f79348abe9342c4cd107a909ddb4cea7ae44ff69890f8/files/exfat.jpg HTTP/1.1
> Authorization: Basic YXBpdXNlckBzeXNjdGwuc2U6YXBpcGFzc3dvcmQ=
> Host: deaddrop.sysctl.se
> Accept: */*
> CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=
> 
< HTTP/1.1 200 OK
< Date: Wed, 03 Oct 2018 19:48:00 GMT
< Server: Apache
< Strict-Transport-Security: max-age=15768000
< Content-Security-Policy: default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; child-src 'self'; object-src 'self';
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-UA-Compatible: IE=edge
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, must-revalidate
< Expires: 0
< Pragma: no-cache
< Content-Length: 20
< Content-Type: application/json; charset=utf-8
< 
< [data not shown]

API - API - 2.11

Upload a file

One or more files can be uploaded to deaddrop and in the next step be shared to receivers The upload are using multipart/form-data

Description

Request

POST https://deaddrop.sysctl.se/apiuser@sysctl.se/cgi/upload.cgi
do=upload
file data

Response

json object with status code

Curl

curl -u apiuser@sysctl.se:apipassword -H "CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=" -F do=upload -F file=@/var/deaddrop/html/favicon.png https://deaddrop.sysctl.se/apiuser@sysctl.se/cgi/upload.cgi

Raw HTML

> POST /apiuser@sysctl.se/cgi/upload.cgi HTTP/1.1
> Authorization: Basic YXBpdXNlckBzeXNjdGwuc2U6YXBpcGFzc3dvcmQ=
> Host: deaddrop.sysctl.se
> Accept: */*
> CSRF-Token: 1dJMRBNRMacGnfRzhpgda7Sq7eU=
> Content-Length: 2756
> Expect: 100-continue
> Content-Type: multipart/form-data; boundary=----------------------------9be544cb78fe
>
> data of file
>
< HTTP/1.1 100 Continue
< HTTP/1.1 200 OK
< Date: Wed, 11 Oct 2017 18:55:54 GMT
< Server: Apache
< Strict-Transport-Security: max-age=15768000
< Content-Security-Policy: default-src 'none'; script-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'; child-src 'self'; object-src 'self';
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-UA-Compatible: IE=edge
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, must-revalidate
< Expires: 0
< Pragma: no-cache
< Transfer-Encoding: chunked
< Content-Type: application/json; charset=utf-8
<
< {"status":"done"}

API - API - 2.12

Data format

deaddrop use json objects and arrays for data communication

contacts and receivers

key value example
email email “email”:”contact@sysctl.se”
number number “number”:”123456789”
language string “language”:”en”
groups array of strings “groups”:[“group1”,”group2”]
nick string “nick”:”nickname”

contact example

{"email":"contact@sysctl.se","number":"123456789","language":"en","groups":["sysctl"],"nick":"contact"}

receiver example

{"email":"contact@sysctl.se","number":"123456789","language":"en","groups":["sysctl"],"nick":"contact"}

create deaddrop

key value example
desttime number “desttime”:1
ddmessage string “ddmessage”:”hello world”

create deaddrop example

{"desttime":1,"ddmessage":"You have received this mail because you are allowed to download protected files delivered by the deaddrop service"}

response message

Response message will be change in the future to be more strict

examples

{"status":"done"}
{"status":"deldone"}
{"status":"ok"}

History response

{
	"history": [{
		"deaddrop_type": "downloadfiles",
		"create_time": "1538593281",
		"ttl": "1",
		"receivers": [{
			"email": "contact@sysctl.se",
			"language": "en",
			"number": "123456789",
			"groups": ["sysctl"],
			"nick": "contact"
		}],
		"ddmessage": "You have received this mail because you are allowed to download protected files delivered by the deaddrop service",
		"sender": {
			"email": "testuser@sysctl.se",
			"number": "46733755989",
			"lang": "sv",
			"first_run": "false",
			"accountType": "perm",
			"change_passwd": "false",
			"settings": {
				"show_number": "true",
				"show_email": "true",
				"show_lang": "false",
				"show_nick": "true"
			}
		},
		"files": [{
			"name": "favicon.png",
			"settings": "[]"
		}]
	}, {
		"deaddrop_type": "downloadfiles",
		"create_time": "1538600193",
		"ttl": "1",
		"receivers": [{
			"email": "testuser@sysctl.se",
			"language": "en",
			"number": "124456789",
			"name": "",
			"groups": ["sysctl"],
			"nick": "testuser"
		}],
		"ddmessage": "You have received this mail because you are allowed to download protected files delivered by the deaddrop service",
		"sender": {
			"email": "testuser@sysctl.se",
			"number": "46733755989",
			"lang": "sv",
			"first_run": "false",
			"accountType": "perm",
			"change_passwd": "false",
			"settings": {
				"show_number": "true",
				"show_email": "true",
				"show_lang": "false",
				"show_nick": "true"
			}
		},
		"files": [{
			"name": "exfat.jpg",
			"settings": "[]"
		}]
	}],
	"live_deaddrops": "1",
	"inbox": [{
		"ttl": "1",
		"createtime": "1538600197",
		"sender": "testuser@sysctl.se",
		"files": [{
			"name": "exfat.jpg",
			"settings": "[]"
		}],
		"url": "9e025a8b12526ef0eb0f79348abe9342c4cd107a909ddb4cea7ae44ff69890f8"
	}]
}

The history part of the json message is an array that shows all deaddrop that has been created

The live_deaddrop is a number of active downloads that exists

The inbox is an array of meta data for every file that can be downloaded.

To download a file specified in the inbox:

example:

https://deaddrop.sysctl.se/testuser@sysctl.se/9e025a8b12526ef0eb0f79348abe9342c4cd107a909ddb4cea7ae44ff69890f8/files/exfat.jpg

The request must include a valid CSRF token.