Web app

Day-to-day use of the browser UI - files, sharing, account security, and API keys.

Signing in

Use the username and password issued by your admin (or the bootstrap admin from setup). Sessions use HttpOnly cookies - tokens are not stored in localStorage.

If your account has TOTP enabled, login asks for an authenticator code (or backup code) after the password step.

Files and folders

At-risk badges

When actual copies are below the tier target but at least one copy exists, files show an at-risk state (e.g. 3/4 copies). Detail panels list missing drives and retry info. Acknowledge warnings when the UI asks before dismissing them.

Storage widget

Shows raw free space across drives and effective free after replication planning. Prefer effective free when deciding whether an upload will fit.

Sharing

Trash

Deleted items go to trash and can be restored. Emptying trash permanently removes blob copies in the background.

Account settings

API keys

If your admin enables API keys, you can create keys scoped read or read-write (optional expiry). Keys use Authorization: Bearer and skip CSRF. Treat them like passwords.

Media and search

Depending on your deployment, the UI may include photo/media browsing, file search, and in-browser viewers (including archives and spreadsheets). Features available to you depend on folder permissions and admin configuration.

Related: Concepts ยท Sync client