Filed: Manage Minecraft Server Files Remotely via REST API

Filed for Minecraft is a PaperMC plugin that provides secure REST API access to server files. Download Filed to read, create, delete, and modify configs with token auth and path whitelisting.

Download filed for Minecraft 1.21.11

Original name: filed

Minecraft: 1.21.11

Loaders: Forge

FileMCLoaderSize
filed-0.1.0.jar1.21.11Forge11.0 МБDownload

Filed

Server administration often requires direct access to configuration files, logs, and world data. Filed for Minecraft transforms this process by exposing a lightweight REST API directly from your PaperMC server. With token-based authentication and strict path whitelisting, you can safely read, create, delete, and modify server files without ever needing FTP or console access.

What is Filed?

Filed is a server-side plugin designed for PaperMC that bridges the gap between your Minecraft server’s file system and external tools. It runs an HTTP server on a configurable port, allowing authorized clients to interact with files through simple REST endpoints. Whether you need to check server.properties, update a plugin configuration, or retrieve player statistics from the world folder, Filed makes it possible with a few API calls.

Key Features of Filed for Minecraft

  • REST API Endpoints: Perform CRUD operations on files using standard HTTP methods.
  • Token Authentication: Every request requires a bearer token, ensuring only authorized users can access the API.
  • Path Whitelisting: Define exactly which files and directories are accessible, preventing unauthorized access to sensitive areas.
  • File Size Limits: Set a maximum file size to prevent memory exhaustion from large files.
  • Symlink Protection: The plugin rejects symlinks that resolve outside the server root, blocking directory traversal attacks.
  • Health Check Endpoint: A simple GET request to /health confirms the API is running without authentication.

How to Install Filed

Installing Filed is straightforward. First, ensure your server runs PaperMC (or a compatible fork). Then, download Filed from a trusted source and place the JAR file into your server's plugins/ directory. Restart the server to generate the default configuration. If you use a launcher like foxygame.net, you can often find Filed in the built-in plugin library and install it with a single click, streamlining the process and keeping the plugin automatically updated.

Configuration Basics

After the first run, open plugins/Filed/config.yml. Here you can set the API port, maximum allowed file size, and the whitelist of allowed paths. A typical configuration looks like this:

  • port: 9847 (the HTTP port for the API)
  • maximum_allowed_file_size: 1000000 (in bytes)
  • allowed:
    • files: - "server.properties"
    • directories: - "world/stats"

All paths are relative to the server root. Only the files and directories listed here will be accessible through the API.

Generating and Using Tokens

Security is at the core of Filed. To generate an API token, run the command /filed generate <name> in the server console or in-game with operator permissions. The token is displayed only once, so copy it immediately. Include it in every API request as an Authorization header: Bearer your-token-here. Tokens are hashed before storage, so even if the token file is compromised, the original tokens cannot be recovered.

API Endpoints in Detail

Filed offers a clean REST interface. Here are the primary operations:

  • Read a file: GET /files?path=server.properties&content=true. Set content=false to retrieve only metadata.
  • Write or overwrite a file: PUT /files?path=config.yml with the new content in the request body. The parent directory must exist.
  • Delete a file: DELETE /files?path=old_data.txt. Only files can be deleted, not directories.
  • Health check: GET /health returns {"message":"ok"} without authentication.

All responses are in JSON format. Errors return a clear message and an appropriate HTTP status code, such as 401 for missing tokens or 403 for forbidden paths.

Why Use Filed for Minecraft?

Managing server files remotely becomes essential for large networks or when you need to automate tasks. Filed for Minecraft allows you to integrate file operations into custom dashboards, Discord bots, or monitoring tools. The token-based auth and path whitelisting ensure that even if the API is exposed, only predefined files can be accessed. This plugin is lightweight, easy to configure, and focuses on doing one job well. For server owners who already use the foxygame.net launcher, adding Filed means you can manage server configurations directly from the launcher’s interface, saving time and reducing the risk of manual errors.

Security Best Practices

Always use a strong, randomly generated token. Restrict the allowed paths to the absolute minimum required. Consider running the API on a localhost-only port and using a reverse proxy with HTTPS if external access is needed. Regularly review the token file and revoke unused tokens by removing them from the configuration. Filed’s built-in symlink protection and path normalization prevent common traversal attacks, but proper network security remains your responsibility.

Conclusion

Filed is a powerful yet simple plugin that brings REST API functionality to your Minecraft server’s file system. With easy installation, robust authentication, and fine-grained access control, it is an essential tool for server administrators who need remote file management. Whether you download Filed manually or use a launcher like foxygame.net to handle the setup, you will gain a secure and efficient way to interact with your server files programmatically.

Author: KlamrFox

Related Articles