How to turn an "/f/"-link into a URL I can download with curl


I just have a basic question:

I have a link of the structure, and I would like to turn it into something that I can download using plain HTTP, e.g. with curl.

Is it possible, and if so, how?


I have a public share there are 3 files in this share

  1. compressed source
  2. md5sum of compressed source

you can download/view them by the link in a normal browser or get the full set with curl like

curl --output

this worked for me with a public share I do not know the significant of domain.tld/s/-link or domain.tld/f/-link

hope this helps let us know how it works for you.

1 Like

The Problem with this is that the “/s/”-link is not password-protected. I can set a password for every file but that is very inconvenient.

I would really like to use the “/f/”-link, if that is possible, which I think it should as that number is the actual “fileId” of the file, accessible by users who are authorized.

I have tried the f link but it seems only valid for internal webbrowser use.

I don’t think you can download the file with this link as for me it opens details of the file or offers me the download option which send the file trough webdav


this again works with

curl -u Username:Password https://cloud.example.tld/remote.php/webdav/filename.ext -o filename ext

maybe someone else has downloaded a file by ID and has any idea.

You are looking for nextcloud-raw :

Raw — Nextcloud raw file server

Raw simply returns any requested file, so you can link directly to a file itself (i.e. without any of NextCloud’s interface around it). This enables you to host static web pages, images or other files, for example to link/embed them elsewhere on the web.

For security and privacy, the content is served with a Content-Security-Policy header. This header instructs browsers to not load any remote content, nor execute any scripts that it may contain (of course, the downside is that your web pages cannot use javascript for interactivity).

It works for textfiles and images out of the box and for videos (e.g. to embed in a website) you have to remove two content security headers.

Use at your own risk (I do :wink: )