Upload a New File to the Root of the Storage disk.storage.uploadfile
If you are developing integrations for Bitrix24 using AI tools (Codex, Claude Code, Cursor), connect to the MCP server so that the assistant can utilize the official REST documentation.
Scope:
diskWho can execute the method: a user with "Add" access permission for the required storage
The method disk.storage.uploadfile uploads a new file to the root of the storage.
Method Parameters
Required parameters are marked with *
|
Name |
Description |
|
id* |
Identifier of the storage where the file needs to be uploaded. The identifier can be obtained using the method disk.storage.getlist |
|
data* |
An array with the field |
|
fileContent* |
An array containing the file name and a string with Base64 |
|
rights |
An array of access permissions for the uploaded file in the format
User categories:
The list of available |
|
generateUniqueName |
Generate a unique file name if a file with that name already exists. For example, file (1).docx. Possible values:
Default is |
Code Examples
How to Use Examples in Documentation
curl -X POST \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-d '{"id":1357,"data":{"NAME":"picture.png"},"fileContent":["picture.png","iVBORw0KGgoAAAANSUhEUgAAAD4AAABDCAYAAADEfbZbAAAACXBIWXMAABJ0AAASdAHeZh94...RK5CYII="],"generateUniqueName":true,"rights":[{"TASK_ID":79,"ACCESS_CODE":"U1271"}]}' \
https://**put_your_bitrix24_address**/rest/**put_your_user_id_here**/**put_your_webhook_here**/disk.storage.uploadfile
curl -X POST \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-d '{"id":1357,"data":{"NAME":"picture.png"},"fileContent":["picture.png","iVBORw0KGgoAAAANSUhEUgAAAD4AAABDCAYAAADEfbZbAAAACXBIWXMAABJ0AAASdAHeZh94...RK5CYII="],"generateUniqueName":true,"rights":[{"TASK_ID":79,"ACCESS_CODE":"U1271"}],"auth":"**put_access_token_here**"}' \
https://**put_your_bitrix24_address**/rest/disk.storage.uploadfile
try
{
const response = await $b24.callMethod(
'disk.storage.uploadfile',
{
id: 1357,
data: {
NAME: 'picture.png'
},
fileContent: [
'picture.png',
'iVBORw0KGgoAAAANSUhEUgAAAD4AAABDCAYAAADEfbZbAAAACXBIWXMAABJ0AAASdAHeZh94...RK5CYII='
],
generateUniqueName: true,
rights: [
{
TASK_ID: 79,
ACCESS_CODE: 'U1271'
}
]
}
);
const result = response.getData().result;
console.log('Uploaded file:', result);
processResult(result);
}
catch( error )
{
console.error('Error:', error);
}
try {
$response = $b24Service
->core
->call(
'disk.storage.uploadfile',
[
'id' => 1357,
'data' => [
'NAME' => 'picture.png'
],
'fileContent' => [
'picture.png',
'iVBORw0KGgoAAAANSUhEUgAAAD4AAABDCAYAAADEfbZbAAAACXBIWXMAABJ0AAASdAHeZh94...RK5CYII='
],
'generateUniqueName' => true,
'rights' => [
[
'TASK_ID' => 79,
'ACCESS_CODE' => 'U1271'
]
]
]
);
$result = $response
->getResponseData()
->getResult();
echo 'Success: ' . print_r($result, true);
processData($result);
} catch (Throwable $e) {
error_log($e->getMessage());
echo 'Error uploading file: ' . $e->getMessage();
}
BX24.callMethod(
"disk.storage.uploadfile",
{
id: 1357,
data: {
NAME: "picture.png"
},
fileContent: [
'picture.png',
'iVBORw0KGgoAAAANSUhEUgAAAD4AAABDCAYAAADEfbZbAAAACXBIWXMAABJ0AAASdAHeZh94...RK5CYII=',
],
generateUniqueName: true,
rights: [
{
TASK_ID: 79,
ACCESS_CODE: 'U1271'
}
]
},
function (result)
{
if (result.error())
console.error(result.error());
else
console.dir(result.data());
}
);
require_once('crest.php');
$result = CRest::call(
'disk.storage.uploadfile',
[
'id' => 1357,
'data' => [
'NAME' => 'picture.png'
],
'fileContent' => [
'picture.png',
'iVBORw0KGgoAAAANSUhEUgAAAD4AAABDCAYAAADEfbZbAAAACXBIWXMAABJ0AAASdAHeZh94...RK5CYII='
],
'generateUniqueName' => true,
'rights' => [
[
'TASK_ID' => 79,
'ACCESS_CODE' => 'U1271'
]
]
]
);
echo '<PRE>';
print_r($result);
echo '</PRE>';
Response Handling
HTTP Status: 200
{
"result": {
"ID": 9035,
"NAME": "picture.png",
"CODE": null,
"STORAGE_ID": "1357",
"TYPE": "file",
"PARENT_ID": "8875",
"DELETED_TYPE": 0,
"GLOBAL_CONTENT_VERSION": 1,
"FILE_ID": 32895,
"SIZE": "1679",
"CREATE_TIME": "2026-02-02T16:01:59+02:00",
"UPDATE_TIME": "2026-02-02T16:01:59+02:00",
"DELETE_TIME": null,
"CREATED_BY": "1269",
"UPDATED_BY": "1269",
"DELETED_BY": null,
"DOWNLOAD_URL": "https://test.bitrix24.com/rest/download.json?auth=b8d880690000071b006e2cf2000004f50000078dbaf74c54ad1b4e4205aba7ab57a395&token=disk%7CaWQ9OTAzNSZfPWU5eXpWQXpsVmJrdFE0OTJ3azBKQzNFVFVMek5UMTRU%7CImRvd25sb2FkfGRpc2t8YVdROU9UQXpOU1pmUFdVNWVYcFdRWHBzVm1KcmRGRTBPVEozYXpCS1F6TkZWRlZNZWs1VU1UUlV8YjhkODgwNjkwMDAwMDcxYjAwNmUyY2YyMDAwMDA0ZjUwMDAwMDc4ZGJhZjc0YzU0YWQxYjRlNDIwNWFiYTdhYjU3YTM5NSI%3D.DJafMz5LAuRzlGbCxNLoGiCleoFwz1qGyj4iPf7n110%3D",
"DETAIL_URL": "https://test.bitrix24.com/company/personal/user/1269/disk/file/picture.png"
},
"time": {
"start": 1770051719,
"finish": 1770051719.707384,
"duration": 0.7073841094970703,
"processing": 0,
"date_start": "2026-02-02T16:01:59+02:00",
"date_finish": "2026-02-02T16:01:59+02:00",
"operating_reset_at": 1770052319,
"operating": 0.34273815155029297
}
}
Returned Data
|
Name |
Description |
|
result |
An array with file fields |
|
ID |
Identifier of the file |
|
NAME |
Name of the file |
|
CODE |
Symbolic code of the file |
|
STORAGE_ID |
Identifier of the storage where the file is located |
|
TYPE |
Type of the object |
|
PARENT_ID |
Identifier of the parent folder |
|
DELETED_TYPE |
Deletion status of the object. Possible values:
|
|
GLOBAL_CONTENT_VERSION |
Incremental version counter of the file |
|
FILE_ID |
Internal value of the file identifier |
|
SIZE |
Size of the file in bytes |
|
CREATE_TIME |
Date and time of file creation |
|
UPDATE_TIME |
Date and time of the last file update |
|
DELETE_TIME |
Date and time the file was moved to the trash |
|
CREATED_BY |
Identifier of the user who created the file |
|
UPDATED_BY |
Identifier of the user who made the last change |
|
DELETED_BY |
Identifier of the user who deleted the file |
|
DOWNLOAD_URL |
Link to download the file |
|
DETAIL_URL |
Link to open the file in the interface |
|
time |
Information about the execution time of the request |
Error Handling
HTTP Status: 400
{
"error":"ERROR_NOT_FOUND",
"error_description":"Could not find entity with id `X`"
}
|
Name |
Description |
|
error |
String error code. It may consist of digits, Latin letters, and underscores |
|
error_description |
Textual description of the error. The description is not intended to be shown to the end user in its raw form |
Possible Error Codes
|
Code |
Description |
Value |
|
|
Invalid value of parameter |
Required parameter not specified |
|
|
Could not find entity with id |
Storage with the specified |
|
|
Error: required parameter NAME (DISK_BASE_SERVICE_22001) |
Required parameter |
|
|
Could not save file |
Failed to save the file. Check available space on the Drive and the correctness of the data encoding |
|
— |
Invalid rights format |
Invalid format of the |
|
|
Access denied |
Insufficient permissions to add the file |
Statuses and System Error Codes
HTTP Status: 20x, 40x, 50x
The errors described below may occur when calling any method.
|
Status |
Code |
Description |
|
|
|
An internal server error has occurred. Please contact the server administrator or Bitrix24 technical support |
|
|
|
An internal server error has occurred. Please contact the server administrator or Bitrix24 technical support |
|
|
|
The request intensity limit has been exceeded |
|
|
|
The current method is not permitted for calls using batch |
|
|
|
The maximum length of parameters passed to the batch method has been exceeded |
|
|
|
Invalid access token or webhook code |
|
|
|
The HTTPS protocol is required for method calls |
|
|
|
The REST API is blocked due to overload. This is a manual individual block; please contact Bitrix24 technical support to lift it |
|
|
|
The REST API is only available on commercial plans |
|
|
|
The user associated with the access token or webhook used to call the method lacks the necessary permissions |
|
|
|
The manifest is not available |
|
|
|
The request requires higher privileges than those provided by the webhook token |
|
|
|
The provided access token has expired |
|
|
|
The user does not have access to the application. This means that the application is installed, but the portal administrator has restricted access to this application to specific users only |
|
|
|
The public part of the site is closed. To open the public part of the site on an on-premise installation, disable the "Temporary closure of the public part of the site" option. Path to the setting: Desktop > Settings > Product Settings > Module Settings > Main Module > Temporary closure of the public part of the site |
Continue Learning
- Create a Folder in the Root of the Storage disk.storage.addfolder
- Get a list of files and folders in the root of the storage disk.storage.getchildren
- Get Description of Storage Fields disk.storage.getfields
- Get Application Storage Description disk.storage.getforapp
- Get a List of Available Storages disk.storage.getlist
- Get Storage Types disk.storage.gettypes
- Get Storage Description disk.storage.get
- Rename Application Storage disk.storage.rename