Enterprise storage APIs · Managed backend

Simple storage APIs.
Enterprise-grade backend.

Sporage gives your applications an Azure-Blob-style REST API for files, folders, and metadata — while your data lives on governed, enterprise storage that we manage end-to-end. No cloud accounts to set up. Just an API key.

curl -X POST "http://localhost:3000/api/v1/containers/contracts/files" \
  -H "X-API-Key: sk_live_..." \
  -F "file=@agreement.pdf"

{ "success": true,
  "data": { "file": { "id": "file_8fK2...", "name": "agreement.pdf" } },
  "requestId": "req_a1b2c3" }

How it works

Your application talks to our REST API. We handle authentication, tenant isolation, quotas, and the entire storage backend behind the scenes.

1 · Authenticate

Your app sends its API key. We resolve your account, containers, permissions, and quotas — no Entra ID or Microsoft 365 accounts required.

2 · Use logical containers

Work with named containers like contracts or invoices. Storage-backend identifiers, paths, and internal IDs stay hidden.

3 · We handle the backend

The platform translates every operation into governed calls against your dedicated managed storage.

Storage API features

Files

Upload, download, rename, copy, move, and delete files with clean REST endpoints and consistent JSON envelopes.

Folders & listings

Create folders, list children, paginate with cursors, filter by type and name, sort by name, size, or date.

Metadata

Read system metadata and attach your own custom keys per file — schemas configured per container.

Async jobs

Copy operations run as jobs with a polling endpoint — no waiting on long-running requests.

Isolation & quotas

Hard customer isolation, per-account quotas, per-key permissions and rate limits, enforced before any byte is written.

Auditability

Every operation is logged with request IDs, durations, and outcomes — ready for your compliance reviews.

Security by design

  • API keys are hashed with HMAC-SHA-256 — the full key is shown once and never stored or logged.
  • Backend tokens, storage paths, and internal item IDs never leave the platform. Customers only ever see opaque public IDs.
  • Every lookup is scoped to your customer, storage account, and container — cross-tenant access is structurally impossible.
  • Per-key permissions, IP allowlists, expiry dates, rate limiting, and full audit logging from day one.

Developer-first

One key. One base URL. Predictable JSON.

Versioned endpoints under /api/v1, stable error codes, request IDs on every response, idempotency keys for writes, and an OpenAPI 3.1 spec you can generate clients from.

Ready to build on Sporage?

Tell us about your storage needs and we'll set up your account, containers, and API keys.