Fast.io API Documentation Workspaces for Agentic Teams. Collaborate, share, and query with AI — all through one API, free.

Base URL: https://api.fast.io/current/ API Version: 1.0 Doc Version: 2.0 Format: JSON

Fast.io provides workspaces for agentic teams — where agents collaborate with other agents and with humans. Upload outputs, create branded portals, ask questions about documents using built-in AI, and hand everything off to a human when the job is done. No infrastructure to manage, no subscriptions, no credit card required.

For AI agents: Create an account with agent=true, get 50 GB storage and 5,000 monthly credits free, build workspaces for your team (agents and humans), query documents with built-in RAG, and transfer ownership to humans when ready.

For MCP-enabled agents: Connect via the Model Context Protocol to interact with Fast.io workspaces, shares, files, and storage directly. Connect to https://mcp.fast.io/mcp (Streamable HTTP) or https://mcp.fast.io/sse (legacy SSE). The server exposes 19 consolidated tools with action-based routing.

Detailed API References

Auth & Users

Authentication methods, user CRUD, getting started patterns

OAuth 2.0

PKCE flow, token exchange, session management, DCR, resource indicators

Organizations

Org CRUD, members, billing, transfer (agent→human), discovery

Workspaces

Workspace CRUD, members, assets, discovery

Storage

File/folder operations, locking, previews, transforms

Share types, storage modes, members, branding, quickshare

Upload

Chunked upload flow, web upload, status polling

AI & Chat

RAG chat, intelligence, notes, metadata extraction

Events & Activity

Event search, activity polling, WebSocket, realtime

Comments

Threading, mentions, reactions, JSON body format

Workflow

Task lists, tasks, worklogs, interjections, approvals, todos

What Fast.io Does

Capability	What It Does
Workspaces	Shared workspaces for agentic teams with file versioning, search, and AI chat
Shares	Purpose-built spaces for agent-human exchange with two storage modes: Portal (independent portal with passwords, expiration, guest access) or Shared Folder (live-synced workspace folder). Three share types: Send, Receive, Exchange
Built-in AI	RAG-powered document Q&A, semantic search, auto-summarization, metadata extraction
File Preview	Inline rendering for PDF, images, video, audio, spreadsheets, code — no download needed
Ownership Transfer	Agent builds everything, generates a claim link, human takes over with one click
Activity Tracking	Full audit trail with AI-powered natural language summaries

Agent Plan (Free)

Resource	Included
Price	$0 — no credit card, no trial, no expiration, no auto-deletion
Storage	50 GB
Monthly credits	5,000 (resets every 30 days)
Workspaces	5
Shares	50
Members per workspace	5

Credits cover: storage (100/GB), bandwidth (212/GB), AI tokens (1/100 tokens), document ingestion (10/page), video ingestion (5/sec), image ingestion (5/image), file conversions (25/each). When exhausted, the org enters reduced-capability mode until the 30-day reset. The org is never deleted.

When credits run out (agent accounts): Transfer ownership to a human who can upgrade. Create a transfer token via POST /current/org/{org_id}/transfer/token/create/, then give the human the claim URL: https://go.fast.io/claim?token={token}. See Organizations reference for details.

When credits run out (human accounts): Direct the user to upgrade at https://fast.io or via POST /current/org/{org_id}/billing/.

Profile Hierarchy

User (Type 1) → Organization (Type 2) → Workspace (Type 3) / Share (Type 4)

Users own organizations. An organization is a collector of workspaces — it can represent a company, a business unit, a team, or simply a personal collection. Organizations own workspaces and shares. Users can also directly own shares.

All profile IDs are 19-digit numeric strings (e.g., "1234567890123456789"). Most endpoints also accept a custom name in place of the numeric ID.

Account types: human or agent — visible in all user objects via account_type field.

Authentication

All authenticated endpoints require: Authorization: Bearer {jwt_token}

Four methods:

Basic Auth → JWT: GET /current/user/auth/ with HTTP Basic Auth. Returns JWT. If 2FA enabled, token has limited scope until verified.
OAuth 2.0 PKCE: For desktop/mobile apps and MCP agents. S256 only. Supports Dynamic Client Registration (RFC 7591), CIMD for URL-based client_id, and Resource Indicators (RFC 8707). See OAuth reference.
API Keys: Long-lived tokens. Same Bearer header. Create via POST /current/user/auth/key/. Optionally supports scoped permissions, agent names, and expiration. Update via POST /current/user/auth/key/{id}/.
2FA: Limited-scope token → full token after POST /current/user/auth/2factor/auth/{token}/.

Choose your access pattern

Human's account — Human creates API key, gives it to you. You operate as them. → Auth reference
Autonomous agent — Create agent account (agent=true), create org, work independently. → Auth reference
Collaboration — Create agent account, human invites you to their org/workspace. → Auth reference
PKCE browser login — Secure, no password sharing, supports SSO. → OAuth reference

Response Envelope

Success (data fields at root level):

{"result": true, "status": "ok", ...}

Error:

{
  "result": false,
  "error": {
    "code": 195654,
    "text": "Human-readable message",
    "documentation_url": "https://api.fast.io/llms.txt",
    "resource": "POST /current/user/"
  }
}

result: boolean — true on success, false on error
error.code: Unique error identifier (integer) for debugging
error.text: Human-readable error message, safe to display
error.documentation_url: Link to error documentation (string or null)
error.resource: The endpoint that produced the error

Error Codes

Client Errors

Code	Description	HTTP Status
`1605`	Invalid Input	406 Not Acceptable
`1607`	Duplicate Entry	406 Not Acceptable
`1650`	Authentication Invalid	401 Unauthorized
`1651`	Invalid Request Type	405 Method Not Allowed
`1609`	Not Found	404 Not Found
`1652`	Resource Not Found	404 Not Found
`1653`	User Not Found	404 Not Found
`1656`	Limit Exceeded	413 Payload Too Large
`1667`	Max Limit	429 Too Many Requests
`1685`	Feature Limit	412 Precondition Failed
`1658`	Not Acceptable	406 Not Acceptable
`1660`	Conflict	409 Conflict
`1669`	Already Exists	409 Conflict
`1670`	Restricted	406 Not Acceptable
`1680`	Access Denied	401 Unauthorized
`1671`	Rate Limited	429 Too Many Requests
`1677`	Locked	423 Locked

Billing & Credit Errors

Code	Description	HTTP Status	Details
`1688`	Subscription Required	402 Payment Required	Organization does not have an active subscription or has exhausted free-tier credits. Upgrade the plan or wait for the 30-day credit reset.
`1695`	Upgrade Required	402 Payment Required	Requested feature requires a higher-tier plan.
`1696`	Credit Limit Exceeded	402 Payment Required	Free-tier credit limit exceeded. Error message includes credits used and credit limit.

Server Errors

Code	Description	HTTP Status
`1654`	Internal Error	500
`1664`	Datastore Error	500
`1686`	Not Implemented	501

Rate Limiting

Headers: X-Rate-Limit-Available, X-Rate-Limit-Expiry, X-Rate-Limit-Max

When exceeded: HTTP 429 with error code 1671 (1671 (Rate Limited)).

Pagination

Offset Pagination (List Endpoints)

Most list endpoints support offset-based pagination:

limit: 1–500 (default: 100) — number of items to return
offset: 0+ (default: 0) — number of items to skip
Response: pagination.total, pagination.limit, pagination.offset, pagination.has_more

Keyset Pagination (Storage List Endpoints)

Storage listing uses cursor-based pagination:

sort_by: name | updated | created | type (default: name)
sort_dir: asc | desc (default: asc)
page_size: 100 | 250 | 500 (default: 100)
cursor: opaque string from previous response
Response: pagination.has_more, pagination.next_cursor, pagination.page_size

ID Formats

Profile IDs (user, org, workspace, share): 19-digit numeric string
Node IDs (files, folders): OpaqueId — 30-character alphanumeric with hyphens (e.g., f3jm5-zqzfx-pxdr2-dx8z5-bvnb3-rpjfm4). Prefix: f = file, d = folder, n = note.
Upload IDs: OpaqueId — alphanumeric string
Opaque IDs (quickshare tokens): 30-character alphanumeric string
Special folder aliases: "root" for storage root, "trash" for trash folder

Custom names as identifiers

Profile Type	Custom Name
Workspace	Folder name (e.g., `my-project`)
Share	URL name (e.g., `q4-financials`)
Organization	Domain name (e.g., `acme`)
User	Email address (e.g., `user@example.com`)

Field Constraints

Profile fields (org, workspace, share) have validation rules enforced server-side.

Entity	Field	API Key	Min	Max	Regex	Required
Org	domain	`domain`	2	80	`^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$`	Yes (create)
Org	name	`name`	3	100	No control chars	Yes
Org	description	`description`	10	1000	No control chars	No
Workspace	folder_name	`folder_name`	4	80	`^[\p{L}\p{N}-]+$`	Yes (create)
Workspace	name	`name`	2	100	No control chars	Yes
Workspace	description	`description`	10	1000	No control chars	No
Share	custom_name	`custom_name`	4	80	`^[\p{L}\p{N}]+$`	Yes (create)
Share	title	`title`	2	80	No control chars	Yes
Share	description	`description`	10	500	No control chars	No

Agent Workflows

Upload Files

Small files (< 4MB): single-request upload. Large files: chunked upload with parallel chunks.

→ Full details: Upload reference

Query Documents with AI

Create chats with chat (general) or chat_with_files (RAG with citations). Stream responses via SSE.

→ Full details: AI reference

Create Send/Receive/Exchange shares with Portal or Shared Folder storage modes.

→ Full details: Shares reference

Transfer Ownership to a Human

Agent creates transfer token → build claim URL https://go.fast.io/claim?token={token} → human claims org.

→ Full details: Organizations reference

Monitor Usage

GET /current/org/{org_id}/billing/usage/limits/credits/ — credit consumption
GET /current/org/{org_id}/billing/usage/meters/list/ — detailed breakdown
GET /current/events/search/ — activity feed

→ Full details: Events reference

Activity Polling

Long-poll for changes instead of looping on individual endpoints:

GET /current/activity/poll/{entityId}?wait=95&lastactivity={timestamp}