Home Endpoints Authentication WebSocket SDK Swagger UI

REST API
Documentation

Build powerful integrations with Nuto Office. Create, edit, convert documents and enable real-time collaboration — all through a simple REST API.

Explore Endpoints Swagger UI
18
REST Endpoints
8
WebSocket Methods
12
File Formats
Quick Start 
# 1. Get your API token
curl -X POST https://nuto.thamming.com/api/auth/token \
  -H "Content-Type: application/json" \
  -d '{
    "apiKey": "your-api-key",
    "secret": "your-secret"
  }'

# 2. Create a document
curl -X POST https://nuto.thamming.com/api/documents \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "My Report",
    "type": "Docs",
    "format": "DOCX"
  }'

# Response:
{ "id": "a1b2c3...", "title": "My Report" }
API OVERVIEW

Endpoint Categories

Base URL: https://nuto.thamming.com/api

Authentication

API Key management, JWT token generation and validation

3 endpoints

Documents

CRUD operations, upload, download, and format conversion

8 endpoints

Versions

Version history and point-in-time restore

2 endpoints

Templates

16 pre-built templates for Docs, Sheet, and Slide

2 endpoints

Collaboration

Real-time session management and presence indicators

2 endpoints

Embed / External

Generate scoped embed config for iframe integration

1 endpoint
AUTHENTICATION

JWT Bearer Token

Authenticate in 3 simple steps. Tokens expire after 60 minutes by default.

1

Create API Key

Register an API client to get your key and secret

POST /auth/api-keys
2

Get JWT Token

Exchange API key + secret for a bearer token

POST /auth/token
3

Use Token

Add the token to your request headers

Authorization: Bearer ...
# Step 1: Create API Key (one-time setup)
curl -X POST https://nuto.thamming.com/api/auth/api-keys \
  -H "Content-Type: application/json" \
  -d '{
    "name": "My App",
    "permissions": ["documents:read", "documents:write", "collaboration:join"]
  }'

# Response: { "apiKey": "nuto_ak_xxx", "secret": "nuto_sk_xxx" }
# *** Save the secret — it won't be shown again ***

# Step 2: Generate JWT Token
curl -X POST https://nuto.thamming.com/api/auth/token \
  -H "Content-Type: application/json" \
  -d '{ "apiKey": "nuto_ak_xxx", "secret": "nuto_sk_xxx" }'

# Response: { "token": "eyJhbG...", "expiresAt": "2026-01-15T11:30:00Z" }

# Step 3: Use the token
curl https://nuto.thamming.com/api/documents \
  -H "Authorization: Bearer eyJhbG..."
// Step 1: Create API Key (one-time)
const keyRes = await fetch('https://nuto.thamming.com/api/auth/api-keys', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    name: 'My App',
    permissions: ['documents:read', 'documents:write']
  })
});
const { apiKey, secret } = await keyRes.json();

// Step 2: Get JWT Token
const authRes = await fetch('https://nuto.thamming.com/api/auth/token', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ apiKey, secret })
});
const { token } = await authRes.json();

// Step 3: Use the token
const docs = await fetch('https://nuto.thamming.com/api/documents', {
  headers: { 'Authorization': `Bearer ${token}` }
}).then(r => r.json());
import requests

# Step 1: Create API Key (one-time)
key_res = requests.post(
    "https://nuto.thamming.com/api/auth/api-keys",
    json={
        "name": "My App",
        "permissions": ["documents:read", "documents:write"]
    }
)
api_key = key_res.json()["apiKey"]
secret  = key_res.json()["secret"]

# Step 2: Get JWT Token
auth_res = requests.post(
    "https://nuto.thamming.com/api/auth/token",
    json={"apiKey": api_key, "secret": secret}
)
token = auth_res.json()["token"]

# Step 3: Use the token
headers = {"Authorization": f"Bearer {token}"}
docs = requests.get(
    "https://nuto.thamming.com/api/documents",
    headers=headers
).json()
API REFERENCE

All Endpoints

Click an endpoint to see request/response details and code examples.

Authentication

POST /auth/api-keys Create a new API key

Request Body

FieldTypeDescription
namerequiredstringAPI client name (1-200 chars)
permissionsrequiredstring[]e.g. documents:read, documents:write, collaboration:join

Response 201

FieldTypeDescription
iduuidAPI Client ID
namestringClient name
apiKeystringGenerated API key
secretstringSecret (shown once only)
permissionsstring[]Assigned permissions
createdAtdatetimeCreation timestamp
201 Created 400 Validation Error
POST /auth/token Generate JWT token

Request Body

FieldTypeDescription
apiKeyrequiredstringYour API key
secretrequiredstringYour API secret

Response 200

FieldTypeDescription
tokenstringJWT bearer token
expiresAtdatetimeExpiration time (default 60 min)
200 OK 401 Invalid Credentials
GET /auth/validate Validate current token

Headers

HeaderValueDescription
AuthorizationrequiredBearer {token}JWT token

Response 200

FieldTypeDescription
clientIdstringClient ID from token
namestringClient name
permissionsstring[]Assigned permissions
isValidbooleanToken validity
expiresAtdatetime?Expiration time
200 Valid 401 Invalid/Expired

Documents

POST /documents Create new document

Request Body

FieldTypeDescription
titlerequiredstringDocument title (1-500 chars)
typerequiredDocTypeDocs | Sheet | Slide
formatrequiredDocFormatDOCX, XLSX, PPTX, etc.
Example Response
{
  "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "title": "My Report",
  "type": "Docs",
  "format": "DOCX",
  "createdAt": "2026-01-15T10:30:00Z",
  "updatedAt": "2026-01-15T10:30:00Z",
  "fileSize": 0
}
201 Created 400 Validation Error
GET /documents List documents with pagination

Query Parameters

ParamTypeDescription
typeoptionalDocTypeFilter: Docs, Sheet, Slide
searchoptionalstringFree-text search on title
sortByoptionalstringField to sort by
sortDescendingoptionalboolDefault: true
skipoptionalintOffset, default: 0
takeoptionalintLimit, default: 20
200 OK
GET/documents/{id}Get document by ID

Path Parameters

ParamTypeDescription
idrequireduuidDocument ID
200 OK404 Not Found
PUT/documents/{id}Update document title/content

Request Body

FieldTypeDescription
titleoptionalstringNew title (max 500 chars)
jsonContentoptionalstringEditor JSON content

A version snapshot is created automatically on each update.

200 OK400 Validation Error404 Not Found
DELETE/documents/{id}Soft-delete document

Soft-deletes the document. Data is preserved and can potentially be recovered.

204 No Content404 Not Found
POST/documents/uploadUpload document file

Request

multipart/form-data — Supports DOCX, XLSX, PPTX, PDF, TXT, CSV, MD, HTML, RTF, ODT, ODS, ODP

cURL Example
curl -X POST https://nuto.thamming.com/api/documents/upload \
  -H "Authorization: Bearer <token>" \
  -F "file=@report.docx"
201 Created400 Unsupported Format
GET/documents/{id}/downloadDownload document file

Query Parameters

ParamTypeDescription
formatoptionalDocFormatTarget format (original if omitted)

Returns binary file stream with Content-Type and Content-Disposition headers.

200 File Stream404 Not Found
POST/documents/{id}/convertConvert document format

Request Body

FieldTypeDescription
targetFormatrequiredDocFormate.g. PDF, CSV, HTML

Original document remains unchanged. Returns converted file as download.

200 File Stream400 Unsupported404 Not Found

Document Versions

GET/documents/{id}/versionsList version history

Response 200

FieldTypeDescription
versions[].iduuidVersion ID
versions[].versionNumberintVersion sequence number
versions[].createdAtdatetimeCreation timestamp
versions[].createdBystringAuthor
versions[].changeDescriptionstring?Description of changes
POST/documents/{id}/versions/{versionNumber}/restoreRestore a previous version

Current state is automatically saved as a new version before restoring. No data is lost.

200 Restored404 Not Found

Templates

GET/documents/templatesList available templates

Returns 16 templates across categories: Basic, Business, Finance, Education, Personal

Response 200

FieldTypeDescription
templates[].idstringTemplate ID (e.g. doc-report)
templates[].namestringDisplay name
templates[].typestringDocs, Sheet, Slide
templates[].categorystringTemplate category
POST/documents/from-templateCreate document from template

Request Body

FieldTypeDescription
templateIdrequiredstringTemplate ID from list endpoint
titleoptionalstringCustom title (uses template default if omitted)
201 Created400 Invalid Template

Collaboration

POST/collaboration/joinJoin collaboration session

Request Body

FieldTypeDescription
documentIdrequireduuidDocument to join
userIdrequiredstringUnique user ID
userNamerequiredstringDisplay name (1-100 chars)

Response 200

FieldTypeDescription
sessionIduuidSession ID
userColorstringAssigned hex color
activeUsersarrayCurrently active users
200 Joined404 Doc Not Found
GET/collaboration/{documentId}/statusGet session status

Response 200

FieldTypeDescription
documentIduuidDocument ID
activeUserCountintNumber of active users
activeUsersarrayUser details with colors

Embed / External

POST/external/embedGet embed configuration

Request Body

FieldTypeDescription
documentIdrequireduuidDocument to embed
permissionsrequiredstring[]view, edit, comment

Response 200

FieldTypeDescription
urlstringEmbed iframe URL
tokenstringScoped JWT (24h expiry)
permissionsstring[]Granted permissions
expiresAtdatetimeToken expiration
200 OK404 Doc Not Found
REAL-TIME

WebSocket / SignalR Hub

Real-time collaboration powered by Yjs CRDT over SignalR. Connect to wss://nuto.thamming.com/hubs/document

Send JoinDocument

Join a document room for receiving/sending changes

Send LeaveDocument

Leave a document room

Send SendUpdate

Send Yjs binary update (Base64 encoded)

Send RequestFullState

Request full Yjs state for initial sync

Send SendAwareness

Broadcast cursor position and presence

Send GetOnlineUsers

Get list of connected users

Event Server Events

ReceiveUpdate, UserJoined, UserLeft, and more

Live Example 
// Connect to SignalR hub
import * as signalR from '@microsoft/signalr';

const connection = new signalR.HubConnectionBuilder()
  .withUrl('https://nuto.thamming.com/hubs/document')
  .withAutomaticReconnect()
  .build();

await connection.start();

// Join a document room
await connection.invoke(
  'JoinDocument',
  'doc-id-here',    // documentId
  'John Doe',       // userName (optional)
  '#FF6B6B'         // userColor (optional)
);

// Listen for other users joining
connection.on('UserJoined', (connId) => {
  console.log(`User joined: ${connId}`);
});
FILE FORMATS

12 Supported Formats

Upload, download, and convert between all major office document formats.

.docx Word
.xlsx Excel
.pptx PowerPoint
.pdf PDF
.html HTML
.txt Text
.csv CSV
.md Markdown
.rtf RTF
.odt OD Text
.ods OD Sheet
.odp OD Slide
INTEGRATION

Multiple Ways to Integrate

Choose the integration method that fits your stack.

SDK JavaScript / TypeScript 
import { NutoEditor } from '@nutooffice/sdk';

const editor = new NutoEditor('editor-container', {
  serverUrl: 'https://nuto.thamming.com',
  documentId: 'your-document-id',
  type: 'docs',
  token: 'your-jwt-token',
  callbacks: {
    onReady: () => console.log('Ready!'),
    onSave:  (data) => console.log('Saved'),
  },
});
REST cURL / Any Language 
# Create doc, upload, convert — in 3 calls

curl -X POST .../api/documents \
  -H "Authorization: Bearer <token>" \
  -d '{"title":"Report","type":"Docs","format":"DOCX"}'

curl -X POST .../api/documents/upload \
  -H "Authorization: Bearer <token>" \
  -F "file=@report.docx"

curl -X POST .../api/documents/{id}/convert \
  -d '{"targetFormat":"PDF"}' -o report.pdf
Embed iframe Integration 
<!-- Embed in any web page -->
<iframe
  src="https://nuto.thamming.com/embed/docs/{id}
       ?token={jwt}"
  width="100%"
  height="600"
  frameborder="0"
  allowfullscreen
></iframe>

<!-- Permissions: view, edit, comment -->
<!-- Token expires after 24 hours -->

Start Building with Nuto API

Create documents, enable real-time collaboration, and convert files — all through a simple REST API.

Open Swagger UI View Source Code
Home Live Demo Feedback