> ## Documentation Index > Fetch the complete documentation index at: https://docs.ofauth.com/llms.txt > Use this file to discover all available pages before exploring further. # Create upload session > Create upload session **Permission Required:** `vault:write` ## OpenAPI ````yaml https://api.ofauth.com/openapi.json post /v2/access/uploads/init openapi: 3.1.0 info: title: OFAuth API version: 1.0.0 description: >- OFAuth API including Account, Connections, Link, Access, Dynamic Rules, Vault+, and Realtime webhook contracts contact: email: support@ofauth.com url: https://ofauth.com/ servers: - url: https://api.ofauth.com security: - ApiKey: [] tags: - name: Account description: Account management endpoints. - name: Connections description: Connection management endpoints. - name: Link description: Link authentication and session endpoints. - name: Access description: All Access related endpoints. - name: Analytics description: 'Access: charts, tops, and performance metrics.' - name: Earnings description: 'Access: earnings charts, transactions, and chargebacks.' - name: Messages description: 'Access: messaging, chats, queue, and mass messaging.' - name: Posts description: 'Access: create, edit, list, and manage posts.' - name: Promotions description: 'Access: promotions, trials, and bundles.' - name: Users description: 'Access: user profiles, subscriptions, and actions.' - name: Vault description: 'Access: vault folders, media, and management.' - name: Upload description: 'Access: media upload and processing.' - name: Self description: 'Access: authenticated account details and settings.' - name: Stories description: 'Access: stories listing and management.' - name: Subscriptions description: 'Access: subscription offers, discounts, and management.' - name: Realtime description: >- Realtime webhook delivery contracts, including relayed OnlyFans websocket events. - name: Dynamic Rules description: Dynamic signing rules operations. - name: Vault+ description: Vault+ caching and management. externalDocs: description: OFAuth Developer Documentation url: https://docs.ofauth.com paths: /v2/access/uploads/init: post: tags: - Upload summary: Create upload session description: |- Create upload session **Permission Required:** `vault:write` requestBody: content: application/json: schema: type: object properties: filename: type: string minLength: 1 description: Name of the file to upload size: type: integer minimum: 0 exclusiveMinimum: true description: File size in bytes contentType: type: string minLength: 1 description: MIME type of the file (e.g., image/jpeg, video/mp4) vaultUpload: type: object properties: mode: type: string enum: - message default: message description: Upload mode userId: type: string nullable: true minLength: 1 description: Target user ID for the upload description: Options for vault upload (if uploading to vault) required: - filename - size - contentType responses: '200': description: Successful response content: application/json: schema: type: object properties: mediaUploadId: type: string uploadType: type: string enum: - single - multipart totalParts: type: integer minimum: 0 exclusiveMinimum: true partSize: type: integer minimum: 0 exclusiveMinimum: true expiresAt: type: string parts: type: array items: type: object properties: partNumber: type: integer minimum: 0 exclusiveMinimum: true uploadUrl: type: string format: uri byteRange: type: object properties: start: type: integer minimum: 0 end: type: integer minimum: 0 required: - start - end required: - partNumber - uploadUrl - byteRange completeUrl: type: string format: uri required: - mediaUploadId - uploadType - totalParts - partSize - expiresAt - parts '400': description: Bad Request '401': description: Unauthorized '403': description: Forbidden '429': description: Rate Limit Exceeded '500': description: Internal Server Error '502': description: Bad Gateway deprecated: true security: - ApiKey: [] ConnectionId: [] components: securitySchemes: ApiKey: type: apiKey name: apiKey in: header description: >- Your OFAuth [API key](/quickstart#2-copy-your-api-key) for authenticating requests. ConnectionId: type: apiKey name: x-connection-id in: header description: >- Requires a [connection](/guides/connections) via the x-connection-id header. ````