Authentication

To interact with the Terabox API programmatically, you must authenticate your requests using specific session tokens. Unlike standard API Key authentication, Terabox relies on browser-based session cookies and dynamic tokens generated by their web application.

Understanding the Tokens

Successful authentication requires three key components:

1. Cookies (ndus): The primary session identifier. This serves the same purpose as a session ID in standard web apps.
2. jsToken: A dynamic security token calculated by the client-side JavaScript. It is required for nearly every read/write operation.
3. bdstoken: A specific token bound to your session, crucial for "Write" operations (Upload, Delete, Rename, Move).

How to Capture Tokens

Since there is no "Generate API Key" button, you must extract these tokens from an active web session.

Step-by-Step Extraction Guide

1. Login: Open your browser, navigate to https://1024terabox.com, and log in to your account.
2. Open DevTools: Press F12 or right-click and select Inspect to open Developer Tools.
3. Network Tab: Switch to the Network tab.
4. Refresh: Reload the page to capture the initialization requests.
5. Filter: In the filter box, type getinfo.
6. Select Request: Click on the request named getinfo (Endpoint: /api/user/getinfo).
7. Extract Values:
   • Cookie: Look at the Request Headers section. Find the Cookie header and copy the value of ndus.
   • jsToken: Look at the Query String Parameters (Payload) section. Copy the jsToken value.
   • bdstoken: Look at the Query String Parameters section. Copy the bdstoken value.

!!! note "Token Expiry" The ndus cookie typically expires after a few days or if you log out. The jsToken and bdstoken are generally stable for the duration of the session but may change if Terabox updates their frontend code.

Implementation

Once you have your tokens, you must include them in your HTTP requests.

• Cookies are sent in the Cookie header.
• Tokens (jsToken, bdstoken) are sent as Query Parameters.

Code Examples

Below are standard boilerplate setups for different languages.

=== "cURL"

```bash
# Verify your tokens are working by fetching user info
curl "https://1024terabox.com/api/user/getinfo?app_id=250528&web=1&channel=dubox&clienttype=0&jsToken=YOUR_JS_TOKEN" \
  -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36" \
  -H "Referer: https://1024terabox.com/main?category=all" \
  -H "Cookie: ndus=YOUR_NDUS_COOKIE; PANWEB=1"
```

=== "Python"

```python
import requests

# 1. Configuration
# Replace these with your actual captured values
SECRETS = {
    'ndus': 'YOUR_NDUS_COOKIE',
    'js_token': 'YOUR_JS_TOKEN',
    'bdstoken': 'YOUR_BDS_TOKEN' # Required for writes
}

# 2. Standard Headers (Mimic a Browser)
HEADERS = {
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36',
    'Referer': 'https://1024terabox.com/main?category=all',
    'Origin': 'https://1024terabox.com'
}

# 3. Create Session
session = requests.Session()
session.headers.update(HEADERS)
session.cookies.set('ndus', SECRETS['ndus'])
session.cookies.set('PANWEB', '1')

# 4. Define Base Params for convenience
base_params = {
    'app_id': '250528',
    'web': '1',
    'channel': 'dubox',
    'clienttype': '0',
    'jsToken': SECRETS['js_token']
}

# 5. Test Connection
response = session.get('https://1024terabox.com/api/user/getinfo', params=base_params)
if response.status_code == 200:
    print("Authenticated as:", response.json()['records'][0]['uname'])
else:
    print("Authentication Failed")
```

=== "Node.js"

```javascript
const axios = require('axios');

// 1. Configuration
const CONFIG = {
    ndus: 'YOUR_NDUS_COOKIE',
    jsToken: 'YOUR_JS_TOKEN',
    bdstoken: 'YOUR_BDS_TOKEN'
};

// 2. Create Client
const client = axios.create({
    baseURL: 'https://1024terabox.com',
    headers: {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36',
        'Referer': 'https://1024terabox.com/main?category=all',
        'Cookie': `ndus=${CONFIG.ndus}; PANWEB=1`
    }
});

// 3. Common Params
const commonParams = {
    app_id: '250528',
    web: '1',
    channel: 'dubox',
    clienttype: '0',
    jsToken: CONFIG.jsToken
};

// 4. Test
async function checkAuth() {
    try {
        const resp = await client.get('/api/user/getinfo', { params: commonParams });
        console.log("Auth Success:", resp.data);
    } catch (err) {
        console.error("Auth Failed:", err.message);
    }
}

checkAuth();
```