API
One endpoint. POST your file, get the cleaned file back. Same engine that powers our app — running on Vercel, rate-limited per key, never persisting your content.
Authentication
Every request must include a Bearer token in the Authorization header. Generate keys at /app/settings. The key is shown exactly once at creation — store it in your secret manager and rotate as needed.
API access requires the Plus tier.
curl https://exifsweep.com/api/v1/clean \
-H "Authorization: Bearer ms_live_..." \
-H "Content-Type: image/jpeg" \
--data-binary @photo.jpg \
--output photo-cleaned.jpg
POST /api/v1/clean
Submit a file as the raw request body. Receive the cleaned file bytes back in the response.
Request
| Header | Value |
|---|---|
| Authorization | Bearer ms_live_… |
| Content-Type | image/* · video/* · application/pdf · application/zip |
Response 200
| Header | Description |
|---|---|
| Content-Type | Matches the input |
| X-ExifSweep-Mode | image-strip or video-strip |
| X-ExifSweep-Duration-Ms | Server-side processing time |
Body: the cleaned file bytes.
Examples
curl https://exifsweep.com/api/v1/clean \
-H "Authorization: Bearer $EXIFSWEEP_KEY" \
-H "Content-Type: image/jpeg" \
--data-binary @input.jpg \
--output output.jpg
Rate limits
The Plus tier includes 50,000 requests per 30-day sliding window per API key. When the quota is exceeded, the API returns 429 with an X-RateLimit-Reset header pointing to the next reset time (unix ms).
Need more? Contact us at hello@exifsweep.com — custom enterprise quotas available.
Error codes
| Status | code | When |
|---|---|---|
| 400 | empty_body | No bytes in request |
| 401 | unauthorized | Missing Bearer header |
| 401 | invalid_token | Key unknown or revoked |
| 402 | upgrade_required | Key belongs to a non-Plus tier |
| 413 | file_too_large | Exceeds your tier's per-file cap |
| 415 | unsupported_format | Magic-byte check failed |
| 415 | unsupported_content_type | Content-Type header outside allowlist |
| 429 | rate_limited | Monthly quota exhausted |
| 500 | internal | Server error — please retry |
All error responses are JSON: { "error": { "code": "...", "message": "..." } }
Best practices
- Stream files instead of loading them into memory — both your code and ours are streaming-friendly.
- Retry only on 500 with exponential backoff. Other 4xx codes are deterministic failures.
- Cache the cleaned bytes if you'll send the same input twice in a short window — we don't cache on your behalf.
- Keep keys in a secret manager (Vault, AWS Secrets, GitHub Secrets). Never commit them.
- Rotate keys on team-member change. The revoke endpoint takes effect immediately.
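The retry rule, the JSON error envelope and the 429 reset header described above, as an added Python example (not ExifSweep's own client code). `MAX_ATTEMPTS`, `BASE_DELAY_S`, `CleanError` and the function names are assumptions; the payload is passed as in-memory bytes, and the key is read from the `EXIFSWEEP_KEY` environment variable used in the curl example.

```python
import json
import os
import time
import urllib.error
import urllib.request

API_URL = "https://exifsweep.com/api/v1/clean"  # endpoint from the page
MAX_ATTEMPTS = 4      # assumption: the page gives no retry count
BASE_DELAY_S = 0.5    # assumption: the page gives no backoff base

class CleanError(Exception):
    """Non-retryable API failure carrying the documented error code."""
    def __init__(self, status, code, message, retry_at_ms=None):
        super().__init__(f"{status} {code}: {message}")
        self.status, self.code, self.retry_at_ms = status, code, retry_at_ms

def parse_error(status, headers, body):
    """Build a CleanError from the documented {"error": {...}} envelope."""
    try:
        err = json.loads(body)["error"]
        code, message = str(err["code"]), str(err.get("message", ""))
    except (ValueError, KeyError, TypeError, AttributeError):
        code, message = "unparseable", ""  # body was not the API's JSON envelope
    reset = headers.get("X-RateLimit-Reset") if status == 429 else None
    return CleanError(status, code, message,
                      int(reset) if reset and reset.isdigit() else None)

def http_send(data, content_type, key):
    """POST raw bytes; return (status, headers, body) without raising on 4xx/5xx."""
    req = urllib.request.Request(API_URL, data=data, method="POST", headers={
        "Authorization": f"Bearer {key}", "Content-Type": content_type})
    try:
        with urllib.request.urlopen(req, timeout=60) as resp:
            return resp.status, resp.headers, resp.read()
    except urllib.error.HTTPError as e:
        return e.code, e.headers, e.read()

def clean(data, content_type, key=None, send=http_send, sleep=time.sleep):
    """Return cleaned bytes; retry only on 500, fail fast on every other status."""
    key = key or os.environ["EXIFSWEEP_KEY"]  # from the environment, never from source
    for attempt in range(MAX_ATTEMPTS):
        status, headers, body = send(data, content_type, key)
        if status == 200:
            return body
        if status != 500 or attempt == MAX_ATTEMPTS - 1:
            raise parse_error(status, headers, body)  # 4xx/429 are deterministic
        sleep(BASE_DELAY_S * 2 ** attempt)  # 0.5 s, 1 s, 2 s between attempts
```

On a 429, `CleanError.retry_at_ms` carries the X-RateLimit-Reset value (unix ms) so a scheduler can defer the job instead of retrying against an exhausted quota.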
Try it
Make a real API request with your key. Need one? Generate at settings.
Need higher quotas or a custom SLA?
Enterprise plans available — get in touch.