diff --git a/app/controllers/dmsf_controller.rb b/app/controllers/dmsf_controller.rb
index ce6ed50e..6833877a 100644
--- a/app/controllers/dmsf_controller.rb
+++ b/app/controllers/dmsf_controller.rb
@@ -31,6 +31,8 @@ class DmsfController < ApplicationController
 
   accept_api_auth :show, :create, :save
 
+  skip_before_action :verify_authenticity_token,  if: -> { request.headers["HTTP_X_REDMINE_API_KEY"].present? }
+
   helper :all
 
   def expand_folder
@@ -44,6 +46,8 @@ class DmsfController < ApplicationController
   end
 
   def show
+    # also try to lookup folder by title if this is API call
+    find_folder_by_title if [:xml, :json].include? request.format.to_sym
     get_display_params
     if @folder && @folder.deleted?
       render_404
@@ -550,6 +554,15 @@ class DmsfController < ApplicationController
     render_404
   end
 
+  def find_folder_by_title
+    # find by title has to be scoped to project
+    @folder = DmsfFolder.find_by(title: params[:folder_title], project_id: params[:id]) if params[:folder_title].present?
+  rescue DmsfAccessError
+    render_403
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+
   def find_parent
     @parent = DmsfFolder.visible.find params[:parent_id] if params[:parent_id].present?
   rescue DmsfAccessError
diff --git a/app/views/dmsf/show.api.rsb b/app/views/dmsf/show.api.rsb
index 542a39f4..8d0ef0e0 100644
--- a/app/views/dmsf/show.api.rsb
+++ b/app/views/dmsf/show.api.rsb
@@ -29,4 +29,12 @@ api.dmsf do
       end
     end
   end
+
+  if @folder
+    api.found_folder do
+      api.id @folder.id
+      api.title @folder.title
+    end
+  end
+
 end
\ No newline at end of file