📱 Get API Access

🎯 Professional API Documentation

Secure, authenticated access to Terabox Ultra HD streaming links with enterprise-grade security

🔒

HMAC-SHA256

Military-grade encryption

Ultra HD Quality

Best streaming quality

📊

Usage Analytics

Track your API usage

🚀

Rate Limiting

As per your plan

🔐 Authentication

📌 Required Headers: Every request must include X-API-Key, X-Signature, and X-Timestamp headers

How to Create Signature:

Python 
import hmac
import hashlib
import time
import json
import requests

API_KEY = "tbx_your_api_key"
API_SECRET = "your_api_secret"
BASE_URL = "https://api.mswpresents.tech"

def create_signature(api_secret, timestamp, body):
    """Create HMAC-SHA256 signature"""
    # IMPORTANT: No spaces after separators!
    body_str = json.dumps(body, separators=(',', ':'), sort_keys=True)
    message = f"{timestamp}:{body_str}"
    signature = hmac.new(
        api_secret.encode(),
        message.encode(),
        hashlib.sha256
    ).hexdigest()
    return signature

def get_link(terabox_url):
    timestamp = int(time.time())
    body = {"url": terabox_url}
    signature = create_signature(API_SECRET, timestamp, body)

    headers = {
        "X-API-Key": API_KEY,
        "X-Signature": signature,
        "X-Timestamp": str(timestamp),
        "Content-Type": "application/json"
    }

    # IMPORTANT: Send raw JSON string to match signature
    body_str = json.dumps(body, separators=(',', ':'), sort_keys=True)

    response = requests.post(
        f"{BASE_URL}/api/v1/terabox/get-link",
        data=body_str,  # Use data= with raw string, not json=
        headers=headers
    )
    return response.json()

# Example usage
result = get_link("https://terabox.com/s/1example")
print(result)
Node.js 
const crypto = require('crypto');
const axios = require('axios');

const API_KEY = 'tbx_your_api_key';
const API_SECRET = 'your_api_secret';
const BASE_URL = 'https://api.mswpresents.tech';

function createSignature(apiSecret, timestamp, body) {
    const bodyStr = JSON.stringify(body);
    const message = `${timestamp}:${bodyStr}`;
    const signature = crypto
        .createHmac('sha256', apiSecret)
        .update(message)
        .digest('hex');
    return signature;
}

async function getLink(teraboxUrl) {
    const timestamp = Math.floor(Date.now() / 1000);
    const body = { url: teraboxUrl };
    const signature = createSignature(API_SECRET, timestamp, body);

    const headers = {
        'X-API-Key': API_KEY,
        'X-Signature': signature,
        'X-Timestamp': timestamp.toString(),
        'Content-Type': 'application/json'
    };

    try {
        const response = await axios.post(
            `${BASE_URL}/api/v1/terabox/get-link`,
            body,
            { headers }
        );
        return response.data;
    } catch (error) {
        console.error('Error:', error.response?.data || error.message);
        throw error;
    }
}

// Example usage
getLink('https://terabox.com/s/1example')
    .then(result => console.log(result))
    .catch(error => console.error(error));
PHP 
 $teraboxUrl];
    $signature = createSignature(API_SECRET, $timestamp, $body);

    $headers = [
        'X-API-Key: ' . API_KEY,
        'X-Signature: ' . $signature,
        'X-Timestamp: ' . $timestamp,
        'Content-Type: application/json'
    ];

    $ch = curl_init(BASE_URL . '/api/v1/terabox/get-link');
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($body));
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

    $response = curl_exec($ch);
    curl_close($ch);

    return json_decode($response, true);
}

// Example usage
$result = getLink('https://terabox.com/s/1example');
print_r($result);

?>
cURL 
#!/bin/bash

API_KEY="tbx_your_api_key"
API_SECRET="your_api_secret"
BASE_URL="https://api.mswpresents.tech"
TIMESTAMP=$(date +%s)
TERABOX_URL="https://terabox.com/s/1example"

# Create body
BODY='{"url":"'$TERABOX_URL'"}'

# Create signature
MESSAGE="${TIMESTAMP}:${BODY}"
SIGNATURE=$(echo -n "$MESSAGE" | openssl dgst -sha256 -hmac "$API_SECRET" | cut -d' ' -f2)

# Make request
curl -X POST "${BASE_URL}/api/v1/terabox/get-link" \
  -H "X-API-Key: ${API_KEY}" \
  -H "X-Signature: ${SIGNATURE}" \
  -H "X-Timestamp: ${TIMESTAMP}" \
  -H "Content-Type: application/json" \
  -d "$BODY"
Java 
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.net.http.*;
import java.net.URI;
import com.google.gson.Gson;

public class TeraboxAPI {
    private static final String API_KEY = "tbx_your_api_key";
    private static final String API_SECRET = "your_api_secret";
    private static final String BASE_URL = "https://api.mswpresents.tech";

    public static String createSignature(String apiSecret, long timestamp, String body)
            throws Exception {
        String message = timestamp + ":" + body;
        Mac hmac = Mac.getInstance("HmacSHA256");
        SecretKeySpec secretKey = new SecretKeySpec(apiSecret.getBytes(), "HmacSHA256");
        hmac.init(secretKey);
        byte[] hash = hmac.doFinal(message.getBytes());

        StringBuilder hexString = new StringBuilder();
        for (byte b : hash) {
            String hex = Integer.toHexString(0xff & b);
            if (hex.length() == 1) hexString.append('0');
            hexString.append(hex);
        }
        return hexString.toString();
    }

    public static String getLink(String teraboxUrl) throws Exception {
        long timestamp = System.currentTimeMillis() / 1000;
        String body = new Gson().toJson(Map.of("url", teraboxUrl));
        String signature = createSignature(API_SECRET, timestamp, body);

        HttpClient client = HttpClient.newHttpClient();
        HttpRequest request = HttpRequest.newBuilder()
            .uri(URI.create(BASE_URL + "/api/v1/terabox/get-link"))
            .header("X-API-Key", API_KEY)
            .header("X-Signature", signature)
            .header("X-Timestamp", String.valueOf(timestamp))
            .header("Content-Type", "application/json")
            .POST(HttpRequest.BodyPublishers.ofString(body))
            .build();

        HttpResponse response = client.send(
            request,
            HttpResponse.BodyHandlers.ofString()
        );
        return response.body();
    }
}
Go 
package main

import (
    "bytes"
    "crypto/hmac"
    "crypto/sha256"
    "encoding/hex"
    "encoding/json"
    "fmt"
    "net/http"
    "strconv"
    "time"
)

const (
    APIKey    = "tbx_your_api_key"
    APISecret = "your_api_secret"
    BaseURL   = "https://api.mswpresents.tech"
)

func createSignature(apiSecret string, timestamp int64, body []byte) string {
    message := fmt.Sprintf("%d:%s", timestamp, string(body))
    h := hmac.New(sha256.New, []byte(apiSecret))
    h.Write([]byte(message))
    return hex.EncodeToString(h.Sum(nil))
}

func getLink(teraboxURL string) (string, error) {
    timestamp := time.Now().Unix()
    bodyMap := map[string]string{"url": teraboxURL}
    body, _ := json.Marshal(bodyMap)

    signature := createSignature(APISecret, timestamp, body)

    req, _ := http.NewRequest("POST", BaseURL+"/api/v1/terabox/get-link",
                              bytes.NewBuffer(body))
    req.Header.Set("X-API-Key", APIKey)
    req.Header.Set("X-Signature", signature)
    req.Header.Set("X-Timestamp", strconv.FormatInt(timestamp, 10))
    req.Header.Set("Content-Type", "application/json")

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        return "", err
    }
    defer resp.Body.Close()

    var result map[string]interface{}
    json.NewDecoder(resp.Body).Decode(&result)
    resultJSON, _ := json.MarshalIndent(result, "", "  ")
    return string(resultJSON), nil
}

func main() {
    result, _ := getLink("https://terabox.com/s/1example")
    fmt.Println(result)
}
Ruby 
require 'openssl'
require 'json'
require 'net/http'
require 'uri'

API_KEY = 'tbx_your_api_key'
API_SECRET = 'your_api_secret'
BASE_URL = 'https://api.mswpresents.tech'

def create_signature(api_secret, timestamp, body)
  body_str = body.to_json
  message = "#{timestamp}:#{body_str}"
  OpenSSL::HMAC.hexdigest('SHA256', api_secret, message)
end

def get_m3u8_link(terabox_url)
  timestamp = Time.now.to_i
  body = { url: terabox_url }
  signature = create_signature(API_SECRET, timestamp, body)

  uri = URI("#{BASE_URL}/api/v1/terabox/get-link")
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = true

  request = Net::HTTP::Post.new(uri.path)
  request['X-API-Key'] = API_KEY
  request['X-Signature'] = signature
  request['X-Timestamp'] = timestamp.to_s
  request['Content-Type'] = 'application/json'
  request.body = body.to_json

  response = http.request(request)
  JSON.parse(response.body)
end

# Example usage
result = get_m3u8_link('https://terabox.com/s/1example')
puts JSON.pretty_generate(result)
C# 
using System;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

public class TeraboxAPI
{
    private const string API_KEY = "tbx_your_api_key";
    private const string API_SECRET = "your_api_secret";
    private const string BASE_URL = "https://api.mswpresents.tech";

    public static string CreateSignature(string apiSecret, long timestamp, string body)
    {
        string message = $"{timestamp}:{body}";
        using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(apiSecret)))
        {
            byte[] hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(message));
            return BitConverter.ToString(hash).Replace("-", "").ToLower();
        }
    }

    public static async Task getLink(string teraboxUrl)
    {
        long timestamp = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
        var bodyObj = new { url = teraboxUrl };
        string body = JsonSerializer.Serialize(bodyObj);
        string signature = CreateSignature(API_SECRET, timestamp, body);

        using (var client = new HttpClient())
        {
            var request = new HttpRequestMessage(HttpMethod.Post,
                $"{BASE_URL}/api/v1/terabox/get-link");
            request.Headers.Add("X-API-Key", API_KEY);
            request.Headers.Add("X-Signature", signature);
            request.Headers.Add("X-Timestamp", timestamp.ToString());
            request.Content = new StringContent(body, Encoding.UTF8,
                "application/json");

            var response = await client.SendAsync(request);
            return await response.Content.ReadAsStringAsync();
        }
    }

    public static async Task Main(string[] args)
    {
        string result = await getLink("https://terabox.com/s/1example");
        Console.WriteLine(result);
    }
}

🎬 Generate Ultra HD M3U8

POST

Endpoint: /api/v1/terabox/get-link

Request Body:

{
    "url": "https://terabox.com/s/1example"
}

Success Response:

✅ 200 OK

{
    "success": true,
    "link": "https://your-api.com/file/secure-stream.m3u8",
    "file_name": "SecureAPI: Your Video",
    "bytesize": 1048576000,
    "quality": "ultra_hd",
    "cache_hit": false,
    "message": "M3U8 generated successfully"
}

Error Response:

❌ 429 Too Many Requests

{
    "detail": "Daily rate limit (1000) exceeded"
}

📊 Check Usage Statistics

GET

Endpoint: /api/v1/secure/usage

Response:

{
    "success": true,
    "data": {
        "client_name": "Your Company",
        "daily_limit": 1000,
        "requests_today": 247,
        "total_requests": 15892,
        "remaining_today": 753,
        "created_at": "2026-01-01T00:00:00",
        "expires_at": "2026-02-01T00:00:00",
        "last_used": "2026-01-07T10:30:00",
        "is_active": true
    }
}

⚡ Rate Limits & Error Codes

Code Status Description
200 ✅ Success Request processed successfully
400 ❌ Bad Request Invalid request format or parameters
401 🔒 Unauthorized Invalid API key or signature
403 🚫 Forbidden IP not whitelisted or key expired
408 ⏱️ Timeout Request processing took too long
429 🛑 Rate Limited Daily request limit exceeded
500 ⚠️ Server Error Internal server error occurred
⚡ Rate Limits:
  • Default: 1000 requests per day
  • Limits reset at midnight UTC
  • Custom limits available for enterprise clients
  • Check /api/v1/secure/usage for current usage

💡 Best Practices

🔐 Security:

  • Never commit API secret to version control
  • Store credentials in environment variables
  • Always use HTTPS in production
  • Rotate API keys periodically
  • Implement proper error handling

⚡ Performance:

  • Cache M3U8 links to save API calls
  • Implement request retries with exponential backoff
  • Monitor your usage with /api/v1/secure/usage
  • Use connection pooling for multiple requests

💳 Paytm Payment Gateway

POST
📌 Endpoint: POST /api/v1/paytm/verify-payment
📍 Base URL: https://api.mswpresents.tech

Verify Paytm payment transaction status in real-time. Returns UTR ID, payment mode, amount, and full transaction details.
⚠️ Requires Paytm Permission: Your API key must have Paytm gateway access enabled. Contact admin if you get a 403 error.
🔍

Real-time Verify

Instant txn status check

💰

UTR Tracking

Get bank UTR instantly

🛡️

HMAC Secured

Same auth as Terabox API

📊

Usage Analytics

Track your API calls

📋 Request Body (JSON)

Parameter Type Required Description
merchant_id string ✅ Yes Your Paytm Merchant ID (MID)
orderid string ✅ Yes The Order ID to verify

📋 Required Headers

Header Description
X-API-Key Your API key (starts with anku_)
X-Signature HMAC-SHA256 signature of timestamp:body
X-Timestamp Current Unix timestamp (within 5 minutes)
Content-Type application/json

💻 Code Examples

Python 
import hmac
import hashlib
import time
import json
import requests

API_KEY = "anku_your_api_key"
API_SECRET = "your_api_secret"
BASE_URL = "https://api.mswpresents.tech"

def create_signature(api_secret, timestamp, body):
    """Create HMAC-SHA256 signature"""
    body_str = json.dumps(body, separators=(',', ':'), sort_keys=True)
    message = f"{timestamp}:{body_str}"
    signature = hmac.new(
        api_secret.encode(),
        message.encode(),
        hashlib.sha256
    ).hexdigest()
    return signature

def verify_payment(merchant_id, order_id):
    timestamp = int(time.time())
    body = {
        "merchant_id": merchant_id,
        "orderid": order_id
    }
    signature = create_signature(API_SECRET, timestamp, body)

    headers = {
        "X-API-Key": API_KEY,
        "X-Signature": signature,
        "X-Timestamp": str(timestamp),
        "Content-Type": "application/json"
    }

    # IMPORTANT: Use data= with raw string to match signature
    body_str = json.dumps(body, separators=(',', ':'), sort_keys=True)

    response = requests.post(
        f"{BASE_URL}/api/v1/paytm/verify-payment",
        data=body_str,
        headers=headers
    )
    return response.json()

# Example usage
result = verify_payment("YOUR_MERCHANT_MID", "ORDER_123456")
print(json.dumps(result, indent=2))

# Check result
if result.get("success"):
    print(f"✅ Payment successful!")
    print(f"UTR ID: {result.get('UTR_ID')}")
    print(f"Amount: ₹{result.get('TXNAMOUNT')}")
    print(f"Mode: {result.get('PAYMENTMODE')}")
else:
    print(f"❌ {result.get('message')}")
Node.js 
const crypto = require('crypto');
const axios = require('axios');

const API_KEY = 'anku_your_api_key';
const API_SECRET = 'your_api_secret';
const BASE_URL = 'https://api.mswpresents.tech';

function createSignature(apiSecret, timestamp, body) {
    const bodyStr = JSON.stringify(body);
    const message = `${timestamp}:${bodyStr}`;
    return crypto
        .createHmac('sha256', apiSecret)
        .update(message)
        .digest('hex');
}

async function verifyPayment(merchantId, orderId) {
    const timestamp = Math.floor(Date.now() / 1000);
    const body = {
        merchant_id: merchantId,
        orderid: orderId
    };
    const signature = createSignature(API_SECRET, timestamp, body);

    const headers = {
        'X-API-Key': API_KEY,
        'X-Signature': signature,
        'X-Timestamp': timestamp.toString(),
        'Content-Type': 'application/json'
    };

    try {
        const response = await axios.post(
            `${BASE_URL}/api/v1/paytm/verify-payment`,
            body,
            { headers }
        );

        if (response.data.success) {
            console.log('✅ Payment verified!');
            console.log('UTR:', response.data.UTR_ID);
            console.log('Amount:', response.data.TXNAMOUNT);
        }
        return response.data;
    } catch (error) {
        console.error('Error:', error.response?.data || error.message);
        throw error;
    }
}

// Usage
verifyPayment('YOUR_MERCHANT_MID', 'ORDER_123456')
    .then(result => console.log(result));
cURL 
#!/bin/bash

API_KEY="anku_your_api_key"
API_SECRET="your_api_secret"
BASE_URL="https://api.mswpresents.tech"
TIMESTAMP=$(date +%s)

# Create body
BODY='{"merchant_id":"YOUR_MERCHANT_MID","orderid":"ORDER_123456"}'

# Create HMAC-SHA256 signature
MESSAGE="${TIMESTAMP}:${BODY}"
SIGNATURE=$(echo -n "$MESSAGE" | openssl dgst -sha256 -hmac "$API_SECRET" | cut -d' ' -f2)

# Make request
curl -X POST "${BASE_URL}/api/v1/paytm/verify-payment" \
  -H "X-API-Key: ${API_KEY}" \
  -H "X-Signature: ${SIGNATURE}" \
  -H "X-Timestamp: ${TIMESTAMP}" \
  -H "Content-Type: application/json" \
  -d "$BODY"
PHP 
<?php

define('API_KEY', 'anku_your_api_key');
define('API_SECRET', 'your_api_secret');
define('BASE_URL', 'https://api.mswpresents.tech');

function createSignature($apiSecret, $timestamp, $body) {
    $bodyStr = json_encode($body, JSON_UNESCAPED_SLASHES);
    $message = "$timestamp:$bodyStr";
    return hash_hmac('sha256', $message, $apiSecret);
}

function verifyPayment($merchantId, $orderId) {
    $timestamp = time();
    $body = [
        'merchant_id' => $merchantId,
        'orderid' => $orderId
    ];
    $signature = createSignature(API_SECRET, $timestamp, $body);

    $headers = [
        'X-API-Key: ' . API_KEY,
        'X-Signature: ' . $signature,
        'X-Timestamp: ' . $timestamp,
        'Content-Type: application/json'
    ];

    $ch = curl_init(BASE_URL . '/api/v1/paytm/verify-payment');
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($body));
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

    $response = curl_exec($ch);
    curl_close($ch);

    return json_decode($response, true);
}

// Usage
$result = verifyPayment('YOUR_MERCHANT_MID', 'ORDER_123456');
print_r($result);

?>

✅ Success Response (TXN_SUCCESS)

{
    "success": true,
    "UTR_ID": "330217XXXXXXXX",
    "ORDERID": "ORDER_123456",
    "TXNAMOUNT": "499.00",
    "STATUS": "TXN_SUCCESS",
    "RESPMSG": "Txn Success",
    "PAYMENTMODE": "UPI",
    "TXNDATE": "2026-04-04 14:30:00.0",
    "GATEWAYNAME": "PPBLPG",
    "BANKTXNID": "330217XXXXXXXX",
    "CURRENCY": "INR",
    "MID": "YOUR_MERCHANT_MID",
    "TXNID": "20260404111212800XXXXXXXX"
}

❌ Failed Response

{
    "success": false,
    "STATUS": "TXN_FAILURE",
    "ORDERID": "ORDER_123456",
    "RESPMSG": "Your payment has been declined by your bank.",
    "TXNAMOUNT": "499.00",
    "message": "Payment not successful. Status: TXN_FAILURE"
}

🚨 Error Codes

Code Meaning Action
400 Missing merchant_id or orderid Check your request body
401 Invalid API key, signature, or timestamp Verify your auth headers
403 API key doesn't have Paytm permission Contact admin to enable Paytm access
429 Daily rate limit exceeded Wait for reset or upgrade plan
502 Paytm gateway unreachable Retry after a few seconds
504 Paytm API timeout (30s) Retry the request

🔗 Additional Paytm Endpoints

GET /api/v1/paytm/health — Check if your API key has Paytm gateway access and view service status

GET /api/v1/paytm/usage — Get your Paytm-specific usage statistics and recent activity logs

Both endpoints require the same authentication headers (X-API-Key, X-Signature, X-Timestamp)

📱 Get API Access

💬 Contact Us:

Ready to integrate our API? Get your API credentials and start building!

  • ✅ Instant API key generation
  • ✅ Custom rate limits for your needs
  • ✅ Technical support and documentation
  • ✅ Enterprise solutions available
  • Terabox API — Ultra HD M3U8 streaming links
  • Paytm Gateway — Payment verification & UTR tracking

📱 Contact on Telegram