Share Management Purpose-built portals for exchanging files with internal teams and external guests.

Base URL: https://api.fast.io/current/ Auth: Bearer {jwt_token} Format: JSON

Shares are purpose-built portals for exchanging files with internal teams and external guests. They support branded file preview, download controls, guest access, password protection, expiration, AI-powered features, and real-time collaboration.

Share Types

TypeDirectionDescriptionGuest Uploads"Anyone with the link" Access
sendOwner → GuestOwner distributes files; guests can download onlyNoAllowed
receiveGuest → OwnerOwner collects files; guests can upload onlyYesNot allowed
exchangeBidirectionalBoth parties can upload and downloadYesNot allowed

Default share type is exchange.

Storage Modes (Immutable at Creation)

Portal (storage_mode=independent, default)

The share has its own isolated storage. Files added to the portal are independent of any workspace. Changes to workspace files do not affect the portal, and vice versa.

Features: Expiration dates, archiving, password protection (Send type only), custom branding, guest access, inline file preview, download controls, post-download messaging, AI auto-titling.

Shared Folder (storage_mode=workspace_folder)

The share is backed by a specific workspace folder. The share displays the live contents of that folder — files added, updated, or removed in the workspace folder are immediately reflected in the share. No file duplication, so no extra storage cost.

Creation: Pass folder_node_id={folder_opaque_id} to link an existing folder, or create_folder=true with folder_name to create a new one.

Restrictions: Expiration dates and archiving are not allowed since the content is live. Each workspace folder can only be shared once. If the backing folder is deleted, the share becomes orphaned (is_orphaned: true in details response).

Both modes look the same to share recipients — a branded portal with file preview, download controls, and all share features.

Response Field: share_category

API responses include a share_category field alongside storage_mode. The storage_mode field is the input parameter used when creating shares; share_category is response-only.

storage_modeshare_category
independentportal
workspace_foldershared_folder

Access Options

The access_options parameter controls who can access the share:

ValueDescription
'Only members of the Share or Workspace'Most restrictive (default). Only explicit members or workspace members.
'Members of the Share, Workspace or Org'Org members can also access
'Anyone with a registered account'Any authenticated Fastio user
'Anyone with the link'Public access. Enables password protection (Send type only).

Restrictions:

Compact Responses (output=)

Every endpoint that returns one or more share objects (details, list, discovery) accepts an optional output query parameter that selects the response shape. A single detail-level token may be combined with modifier tokens; specifying two detail levels (e.g. ?output=terse,standard) returns HTTP 400. When output= is omitted, responses are full and byte-for-byte unchanged.

LevelFields returned on each share (cumulative)
terseid, title, share_type, share_level, share_root_id (the share-root node id as a top-level scalar — member-only; guests do not receive this field), creator (scalar user id)
standardterse + share_category, storage_mode, folder_node_id, full share_link object, parent linkage, lifecycle flags (including locked, admin-only), custom_name, custom_url, description, download_security, expires, created, updated, guest_chat_enabled/anonymous_uploads_enabled flags, user_status, intelligence, workflow
fullstandard + capabilities, permission blocks, activity tracking, comments, event_flow, filesystem, invite, member_visibility, multiplayer, chat, search, assets, workflow_permissions, access_options, display_type, branding (accent color, logo, background), password, platform, notify, link_1/link_2/link_3, owner_defined, deleted, storage, suspended, parents

Use terse for share pickers, share-link previews, and navigation sidebars — it carries the ID, title, type (Send/Receive/Exchange), access level, the share's root node id as a top-level share_root_id scalar (what layouts and transfer pages need to scope navigation), and a creator user id so "Shared by {creator}" rows can resolve via the user cache without pulling the full share-link object. Use standard for share list views and the summary card on share detail pages — it adds storage mode, folder binding, the full share_link object, timestamps, expiration, the caller's membership status, the locked lifecycle chip (admin-only), and the download_security badge (high/medium/off) that share-list rows render. Use full (or omit the parameter) for the share settings screen, branding editors, password configuration, invite link management, and any workflow that reads capability or permission matrices. Unknown tokens are silently ignored. Add the markdown modifier (e.g. ?output=standard,markdown) to receive the response as GitHub-flavored Markdown (Content-Type: text/markdown; charset=UTF-8) instead of JSON — see the cross-cutting ?output= reference for the full contract.

Create Share

POST /current/workspace/{workspace_id}/create/share/

Create a new share in a workspace. Auth required.

Path Parameters

ParameterTypeRequiredDescription
{workspace_id}stringYes19-digit numeric workspace profile ID

Required Parameters

ParameterTypeRequiredDescription
intelligencestringYesBoolean string ("true" / "false"). Enable AI indexing. Setting "true" requires both the content_ai and ai_agent plan features; plans without both will be rejected with 1605 (Invalid Input). Portal (independent) shares only — workspace folder shares cannot enable intelligence.

Optional Parameters

ParameterTypeDefaultConstraintsDescription
share_typestringexchangesend, receive, exchangeShare direction type
access_optionsstringOnly members of the Share or WorkspaceSee Access OptionsWho can access the share
invitestringownersowners, guestsWho can manage share invitations
storage_modestringindependentindependent, workspace_folderStorage mode (immutable after creation)
folder_node_idstringValid opaque IDWorkspace folder opaque ID (required for workspace_folder if not creating)
create_folderstringBoolean stringCreate a new backing folder (with folder_name)
folder_namestringShared FolderNot blankName for the new backing folder (with create_folder=true)
titlestring2-80 charsShare display title
descriptionstring10-500 charsShare description
custom_namestringAuto-generated10-100 chars, URL-friendlyURL-friendly custom name. Auto-generated opaque ID if omitted.
passwordstring4-128 charsPassword. Only with Send type + 'Anyone with the link' access.
expiresstringdatetimeExpiration date. Portal mode only.
notifystringnevernever, notify_on_file_received, notify_on_file_sent_or_receivedNotification preference
comments_enabledstringBoolean stringEnable comments
download_securitystringhigh, medium, offDownload security level. high: downloads disabled. medium: downloads require a short-lived nonce. off: downloads unrestricted.
guest_chat_enabledstringBoolean stringEnable guest AI chat
display_typestringNot blankVisual display mode (grid, list)
workspace_stylestringNot blankWorkspace visual style
accent_colorstringValid JSONJSON color object for accent
background_color1stringValid JSONJSON color object for primary background
background_color2stringValid JSONJSON color object for secondary background
background_imageintegerNumeric, validated rangeBackground image selection
link_1stringValid JSONJSON link object (custom link #1)
link_2stringValid JSONJSON link object (custom link #2)
link_3stringValid JSONJSON link object (custom link #3)
owner_definedstringValid JSON or "null"Custom owner-defined properties
anonymous_uploads_enabledstringfalseBoolean stringEnable anonymous file uploads. Receive/Exchange + 'Anyone with the link' + premium plan only.

Request Example

curl -X POST "https://api.fast.io/current/workspace/1234567890123456789/create/share/" \
  -H "Authorization: Bearer {jwt_token}" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "share_type=send&intelligence=true&access_options=Anyone+with+the+link&title=Client+Deliverables"

Response

Status: 200 OK

{
  "result": true,
  "share": {
    "id": "9876543210987654321",
    "custom_name": "aB3cD4eF5g",
    "storage_mode": "independent",
    "share_category": "portal"
  }
}

For workspace folder shares, the response also includes folder_node_id.

Response Fields

FieldTypeDescription
response.share.idstring19-digit share profile ID
response.share.custom_namestringURL name (custom or auto-generated)
response.share.storage_modestringindependent or workspace_folder
response.share.share_categorystringportal (independent) or shared_folder (workspace_folder). Response-only.
response.share.folder_node_idstringBacking folder node ID (workspace_folder only)

Error Responses

HTTP StatusCodeMessageCause
4001605 (Invalid Input)An invalid share custom name was supplied.Custom name fails validation
4001605 (Invalid Input)An invalid share expiration date was supplied.Invalid datetime format
4001605 (Invalid Input)Password can only be set for shares with 'Anyone' access option.Password on non-public share
4001605 (Invalid Input)Receive and Exchange shares cannot have 'Anyone' access option...Public access on receive/exchange
4001605 (Invalid Input)Workspace folder shares cannot have an expiration date...Expiration on workspace_folder share
4001605 (Invalid Input)Must provide folder_node_id or set create_folder=true...Missing folder config for workspace_folder mode
4031685 (Feature Limit)The organization has reached its share creation limit...Share quota exceeded for billing plan
4061658 (Not Acceptable)The supplied share custom name is already in use.Duplicate custom name
4061658 (Not Acceptable)This folder has already been shared.Folder already linked to another share
4091660 (Conflict)Unable to process share creation request due to concurrent operation.Concurrent operation conflict
5001663 (Update Failed)There was an internal error processing your create request.Internal error

Share Details

GET /current/share/{share_id}/details/

Get full share details. Auth required (optional for public shares). {share_id} accepts a 19-digit numeric ID or a custom name.

Path Parameters

ParameterTypeRequiredDescription
{share_id}stringYes19-digit share profile ID or custom name

Request Example

curl -X GET "https://api.fast.io/current/share/1234567890123456789/details/" \
  -H "Authorization: Bearer {jwt_token}"

Response

Status: 200 OK

{
  "result": true,
  "share": {
    "id": "1234567890123456789",
    "title": "Q4 Financial Reports",
    "description": "Quarterly financial documents",
    "share_type": "exchange",
    "custom_name": "q4-reports",
    "storage_mode": "independent",
    "share_category": "portal",
    "closed": false,
    "archived": false,
    "share_level": "owner",
    "share_root_id": "node_abc123def456",
    "download_security": "off",
    "activity_tracking": {
      "enabled": true,
      "owner_activity": true,
      "guest_activity": true,
      "own_activity": true,
      "all_upload_activity": false
    },
    "comments": {
      "enabled": true,
      "owner_comments_visible": true,
      "guest_comments_visible": true,
      "personal_replies_visible": true,
      "owner_replies_visible": true
    },
    "filesystem": {
      "file_creation": true,
      "file_modification": "owned",
      "file_download": "all",
      "file_view": "all",
      "folder_creation": true,
      "folder_modification": "owned"
    },
    "event_flow": {
      "enabled": true,
      "can_see_own_events": true,
      "can_see_owner_events": true,
      "can_see_guest_events": false
    },
    "multiplayer": {
      "enabled_for_user": true,
      "enabled_for_owners": true,
      "enabled_for_guests": true,
      "owners_can_see_guests": true,
      "guests_can_see_owners": false
    },
    "member_visibility": {
      "user_can_see_members": true,
      "owners_can_see_members": true,
      "guests_can_see_members": false
    },
    "invite": {
      "setting": "owners_only",
      "can_invite": true
    },
    "capabilities": {
      "can_archive": true,
      "can_set_expiration": true
    },
    "parent_type": "workspace",
    "parent_workspace": "9876543210987654321",
    "parent_org": "1122334455667788990",
    "created": "2024-01-01 10:00:00 UTC",
    "expires": "2024-12-31 23:59:59 UTC"
  }
}

Response Fields

FieldTypeDescription
response.share.idstringShare profile ID
response.share.titlestring|nullDisplay title
response.share.descriptionstring|nullShare description
response.share.share_typestringsend, receive, or exchange
response.share.custom_namestring|nullURL-friendly custom name
response.share.storage_modestringindependent or workspace_folder
response.share.share_categorystringportal (independent) or shared_folder (workspace_folder). Response-only.
response.share.closedbooleanWhether the share has been soft-deleted
response.share.archivedbooleanWhether the share is archived
response.share.share_levelstringCurrent user's access level: owner, guest, public, excluded
response.share.share_root_idstring|nullNode OpaqueId of the share's root folder (graft point). Top-level scalar form of share_link.graft_point. Member-only. Returned only when the caller has at least share-member access.
response.share.download_securitystringDownload security level: high, medium, or off
response.share.activity_trackingobjectActivity visibility settings
response.share.commentsobjectComment visibility and permission settings
response.share.filesystemobjectFile and folder operation permissions
response.share.event_flowobjectReal-time event visibility settings
response.share.multiplayerobjectReal-time collaboration/presence settings
response.share.member_visibilityobjectWho can see other share members
response.share.inviteobjectInvitation policy settings
response.share.capabilitiesobjectOperations allowed based on storage mode
response.share.parent_typestring|nullworkspace or user
response.share.parent_workspacestring|nullParent workspace ID (workspace-owned shares only)
response.share.parent_orgstring|nullParent organization ID (workspace-owned shares only)
response.share.createdstringCreation timestamp (YYYY-MM-DD HH:MM:SS UTC)
response.share.expiresstring|nullExpiration timestamp, or null
response.share.folder_node_idstring|nullBacking folder node ID (workspace_folder only)
response.share.is_orphanedbooleanWhether backing folder was deleted (workspace_folder only)

Error Responses

HTTP StatusCodeMessageCause
4011650 (Authentication Invalid)Authentication requiredNon-public share without auth
403144499You do not have permissions to view this share.Lacks view permission

Public Share Details

GET /current/share/{share_id}/public/details/
POST /current/share/{share_id}/public/details/

Returns a comprehensive view of a share from a single API call. Includes share details, owner information, file listing, member list, and comments. No auth required (optional; enhances permissions if provided).

For password-protected shares, pass the password JWT in the x-ve-password header (obtained from the password auth endpoint).

Request Example

# Public access (no auth)
curl -X GET "https://api.fast.io/current/share/1234567890123456789/public/details/"

# Password-protected share
curl -X GET "https://api.fast.io/current/share/1234567890123456789/public/details/" \
  -H "x-ve-password: {password_jwt_token}"

# Authenticated user
curl -X GET "https://api.fast.io/current/share/1234567890123456789/public/details/" \
  -H "Authorization: Bearer {jwt_token}"

Response

Status: 200 OK

{
  "result": true,
  "share": {
    "id": "1234567890123456789",
    "title": "Q4 Financial Reports",
    "share_type": "exchange",
    "storage_mode": "independent",
    "share_category": "portal"
  },
  "owner": {
    "id": "9988776655443322110",
    "display_name": "Jane Smith",
    "avatar": "https://..."
  },
  "nodes": [
    {
      "id": "aB3cD4eF5g",
      "name": "report.pdf",
      "type": "file",
      "size": 1048576,
      "parent": "root"
    }
  ],
  "users": [
    {
      "id": "1122334455667788990",
      "display_name": "John Doe",
      "role": "guest"
    }
  ],
  "comments": [],
  "org": {
    "id": "5566778899001122334",
    "name": "Acme Corp"
  }
}

Response Fields

FieldTypeDescription
response.shareobjectFull share details (same as details endpoint)
response.ownerobjectShare owner's user resource
response.nodesarrayTop-level files and folders in the share root
response.usersarrayShare members (if user has member visibility permission)
response.commentsarrayComments on the share (filtered by visibility permissions)
response.orgobject|nullOrganization resource (only for workspace-owned shares)

Error Responses

HTTP StatusCodeMessageCause
403183836You do not have permissions to view this share.Lacks public view permission
500121168Failed to access share storageInternal storage error

Update Share

POST /current/share/{share_id}/update/

Update share settings. Auth required. Owner/admin only. Supports partial updates. Works on archived shares.

Request Body (All Fields Optional)

ParameterTypeConstraintsDescription
namestringNot blankShare display name
titlestringNot blank, or "null" to clearDisplay title (2-80 chars)
descriptionstring"null" or "" to clearShare description (10-500 chars)
custom_namestring10-100 chars, or "null" to clearURL-friendly custom name. Must be unique.
share_typestringsend, receive, exchangeShare direction type
access_optionsstringSee Access OptionsWho can access the share
invitestringowners, guestsWho can manage invitations
passwordstring4-128 chars, "null"/"" to clearPassword. Only with Send type + 'Anyone with the link'.
expiresstringdatetime, "null" to clearExpiration. Portal mode only.
notifystringSee notification valuesNotification preference
comments_enabledstringBoolean stringEnable/disable comments
download_securitystringhigh, medium, offDownload security level. high: downloads disabled. medium: downloads require a short-lived nonce. off: downloads unrestricted.
display_typestringgrid, listVisual display mode
workspace_stylestringNot blankWorkspace visual style
guest_chat_enabledstringBoolean stringEnable/disable guest AI chat
intelligencestringBoolean stringCan be toggled. Setting "true" requires both content_ai and ai_agent plan features. Disabling flushes embeddings; re-enabling re-indexes (costs AI credits).
accent_colorstringJSON or "null"JSON color object for accent
background_color1stringJSON or "null"JSON color object for primary background
background_color2stringJSON or "null"JSON color object for secondary background
background_imageintegerNumeric, validated rangeBackground image selection
link_1stringJSON or "null"JSON link object (custom link #1)
link_2stringJSON or "null"JSON link object (custom link #2)
link_3stringJSON or "null"JSON link object (custom link #3)
owner_definedstringJSON or "null"Custom owner-defined properties
share_link_node_idstring"null" onlyCan only be set to "null" to remove workspace share link node
anonymous_uploads_enabledstringBoolean stringEnable/disable anonymous file uploads. Receive/Exchange + 'Anyone with the link' + premium plan only. Automatically disabled when access changes from "Anyone" or type changes from Receive/Exchange.

Request Example

curl -X POST "https://api.fast.io/current/share/1234567890123456789/update/" \
  -H "Authorization: Bearer {jwt_token}" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "title=Updated+Title&description=New+description&share_type=exchange"

Response

Status: 200 OK

{
  "result": true
}

Important Behaviors

Error Responses

HTTP StatusCodeMessageCause
4001605 (Invalid Input)An invalid share custom name was supplied.Invalid or duplicate custom name
4001605 (Invalid Input)An invalid share expiration date was supplied.Invalid datetime format
4001605 (Invalid Input)Password can only be set for shares with 'Anyone' access option.Password on non-public share
4001605 (Invalid Input)Intelligence cannot be enabled on workspace folder shares...Intelligence enable on a workspace_folder share
4001605 (Invalid Input)Intelligence requires a plan with agentic AI support.Plan missing content_ai or ai_agent (cannot set intelligence=true)
4121685 (Feature Limit)Intelligence setting can only be changed twice per minute and five times per hour. Please wait and try again.Intelligence toggle throttled (per-share limit)
4001605 (Invalid Input)Workspace folder shares cannot have an expiration date...Expiration on workspace_folder share
4001605 (Invalid Input)Receive and Exchange shares cannot have 'Anyone' access option...Public access on receive/exchange
403144499You do not have permissions to access this share.User lacks admin permission
4061658 (Not Acceptable)The supplied share custom name is already in use.Duplicate custom name
5001663 (Update Failed)There was an internal error processing your update request.Internal error

Delete Share

DELETE /current/share/{share_id}/delete/

Soft-delete (close) a share. Auth required. Owner/admin only. Requires confirmation.

Request Body

ParameterTypeRequiredDescription
confirmstringYesMust match either the share's custom_name (case-insensitive) or its numeric id. Send as a query-string parameter (?confirm=...) — a request body is not read on this DELETE. Safety check.

Request Example

curl -X DELETE "https://api.fast.io/current/share/1234567890123456789/delete/?confirm=my-share-name" \
  -H "Authorization: Bearer {jwt_token}"

Response

Status: 202 Accepted

{
  "result": true
}

Error Responses

HTTP StatusCodeMessageCause
406130987The confirm field is required. Pass the share's custom_name or numeric id as the confirm query parameter.confirm not supplied as a query parameter
40610571The confirm field provided does not match the share's custom_name or id.Confirmation mismatch
403144499You do not have permissions to access this share.Lacks admin permission
5001663 (Update Failed)There was an internal error processing your request.Internal error

Notes

Archive / Unarchive

POST /current/share/{share_id}/archive/
POST /current/share/{share_id}/unarchive/

Archive or unarchive a share. Auth required. Owner/admin only. Portals only — workspace folder shares cannot be archived.

No request body required.

Request Example

curl -X POST "https://api.fast.io/current/share/1234567890123456789/archive/" \
  -H "Authorization: Bearer {jwt_token}"

Response

Status: 202 Accepted

{
  "result": true
}

Error Responses

HTTP StatusCodeMessageCause
4001605 (Invalid Input)Workspace folder shares cannot be archived...workspace_folder share
4001663 (Update Failed)The share is already archived. / The share is not archived.Wrong current state
403144499You do not have permissions to access this share.Lacks admin permission

Notes

Password Protection

Available only on Send shares with 'Anyone with the link' access.

Set/Update Password

Set via password parameter on create or update (4-128 chars). Send "null" or "" to clear.

Authenticate with Password

POST /current/share/{share_id}/auth/password/

Authenticate with a share password to get a scoped JWT token. No user auth required.

Request Body

ParameterTypeRequiredDescription
passwordstringYesShare password

Request Example

curl -X POST "https://api.fast.io/current/share/1234567890123456789/auth/password/" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "password=mysecretpassword"

Response

Status: 200 OK

{
  "result": true,
  "expires_in": 86400,
  "auth_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Response Fields

FieldTypeDescription
response.expires_inintegerToken lifetime in seconds (86400 = 24 hours)
response.auth_tokenstringJWT token to use in x-ve-password header

Error Responses

HTTP StatusCodeMessageCause
400Input validationPassword is required for authentication.Missing password field
4011650 (Authentication Invalid)This share does not require password authentication.Not password-protected or not public
4061658 (Not Acceptable)Invalid password provided for this share.Wrong password
5001654 (Internal Error)Failed to create authentication token.JWT creation failure

Notes

Anonymous File Drop (Guest Auth)

Enables anonymous file uploads on public Receive and Exchange shares without requiring account registration. Visitors obtain a scoped JWT via the guest auth endpoint, then use it as a Bearer token for subsequent upload requests.

Requirements:

Authenticate as Guest

POST /current/share/{share_id}/auth/guest/

Obtain a scoped JWT for anonymous file uploads. Creates an ephemeral user account. No user auth required.

Request

No body required. POST request only.

Request Example

curl -X POST "https://api.fast.io/current/share/1234567890123456789/auth/guest/"

Response

Status: 200 OK

{
  "result": true,
  "auth_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expires_in": 3600
}

Response Fields

FieldTypeDescription
response.auth_tokenstringScoped JWT for anonymous uploads (use as Bearer token)
response.expires_inintegerToken lifetime in seconds

Error Responses

HTTP StatusCodeMessageCause
4011650 (Authentication Invalid)Anonymous uploads are not enabled for this share.Feature not enabled or share not eligible
4121685 (Feature Limit)Anonymous uploads require a premium plan.Org not on premium plan
4291671 (Rate Limited)Rate limit exceededToo many requests from this IP
5001654 (Internal Error)Failed to create authentication token.JWT creation failure

Notes

Anonymous Upload Workflow

  1. Check share eligibility: GET /current/share/{share_id}/public/details/ — verify anonymous_uploads_enabled: true in the response.
  2. Obtain guest token: POST /current/share/{share_id}/auth/guest/ — returns a scoped auth_token.
  3. Upload files: Use the standard upload flow (POST /current/upload/init/, chunk upload, POST /current/upload/complete/) with Authorization: Bearer {auth_token}.
  4. Add to share: POST /current/share/{share_id}/storage/addfile/ with the upload key, using the same Bearer token.

Expiration

Available only on portal shares (not workspace folder).

Set the expires parameter (datetime format: YYYY-MM-DD HH:MM:SS) on create or update. Send "null" to clear. When the share expires, access is revoked. Expiration is validated against the billing plan.

Branding & Styling

Shares support custom branding through the update endpoint:

ParameterTypeDescription
accent_colorstringJSON color object for accent
background_color1stringJSON color object for primary bg
background_color2stringJSON color object for secondary bg
background_imageintegerBackground image selection (numeric)
link_1stringJSON link object (custom link #1)
link_2stringJSON link object (custom link #2)
link_3stringJSON link object (custom link #3)

Send "null" for any JSON field to clear it.

Share Assets

List Available Asset Types

GET /current/share/assets/

Returns the schema of available asset types (e.g., logo, background). No auth required.

List Share Assets

GET /current/share/{share_id}/assets/

List assets set on a share. Auth required. Owner/admin only.

Upload/Set Asset

POST /current/share/{share_id}/assets/{asset_id}/

Upload an asset (multipart/form-data). Auth required. Owner/admin only.

FieldTypeRequiredDescription
filefileYesThe asset file to upload
metadataJSONNoOptional metadata for the asset

Request Example

curl -X POST "https://api.fast.io/current/share/1234567890123456789/assets/logo/" \
  -H "Authorization: Bearer {jwt_token}" \
  -F "file=@logo.png" \
  -F 'metadata={"crop_x": 0, "crop_y": 0}'

Delete Asset

DELETE /current/share/{share_id}/assets/{asset_id}/

Remove an asset. Auth required. Owner/admin only.

Read Asset Binary

GET /current/share/{share_id}/assets/{asset_id}/read/

Returns raw binary data of a share asset. Auth optional for public shares. Works on archived shares.

Query ParameterTypeRequiredDescription
widthintegerNoRequested width (max 4096). Background images only.
heightintegerNoRequested height (max 4096). Background images only.

Share Members

Permission Levels

LevelValueDescription
Owner1000Full control and ownership
Admin500Administrative access, manage members
Member100Standard member access (default for new)
Guest50Limited guest access
View20Read-only access

Notification Options

ValueDescription
"Do not notify me"No notifications
"Notify me in app"In-app only (default)
"Notify me in app and via email"In-app and email
"Notify me via app, email and text message"All notification channels

Add Member or Send Invitation

POST /current/share/{share_id}/members/{email_or_user_id}/

Use a 19-digit user ID to add an existing user directly, or an email address to send an invitation. Auth required. Owner/admin only.

Request Body (Adding Existing User)

FieldTypeRequiredDefaultDescription
permissionsstringNomemberowner, admin, member, guest, view. Cannot be owner (use transfer).
notify_optionsstringNo"Notify me in app"Notification preference
expiresstringNoMembership expiration (YYYY-MM-DD HH:MM:SS UTC). null or "" to clear.
force_notificationbooleanNoResend notification email (60-second cooldown after initial add).

Request Body (Inviting by Email)

FieldTypeRequiredDefaultDescription
permissionsstringNomemberPermission level for the invitation
messagestringNoCustom message for the invitation email
invitation_expiresstringNoInvitation expiration datetime

Request Example

# Add existing user by ID
curl -X POST "https://api.fast.io/current/share/1234567890123456789/members/9876543210987654321/" \
  -H "Authorization: Bearer {jwt_token}" \
  -d '{"permissions": "member"}'

# Invite by email
curl -X POST "https://api.fast.io/current/share/1234567890123456789/members/newuser@example.com/" \
  -H "Authorization: Bearer {jwt_token}" \
  -d '{"permissions": "guest", "message": "Join our shared files!"}'

Response (Invitation Created)

{
  "result": true,
  "invitation": {
    "id": "5566778899001122334",
    "inviter": "Jane Smith",
    "invitee_email": "newuser@example.com",
    "invitee_uid": null,
    "accepted_uid": null,
    "entity_type": "share",
    "share": {
      "id": "1234567890123456789",
      "name": "Project Files"
    },
    "state": "pending",
    "consumed": false,
    "created": "2025-01-15 10:30:00 UTC",
    "updated": "2025-01-15 10:30:00 UTC",
    "expires": "2025-02-15 10:30:00 UTC"
  }
}

Error Responses

HTTP StatusCodeMessageCause
4001680 (Cannot Add As Owner)Adding a member as an owner is not allowedTried to add as owner
4001605 (Invalid Input)You cannot create a membership for the share owner.Target is share owner
4001605 (Invalid Input)You cannot add, update, or delete a membership with a higher permission...Permission exceeds caller
4031680 (Access Denied)You do not have permission to manage the members of this Share.Lacks member edit permission
4031685 (Feature Limit)Share invitation limit reached: X of Y invitations usedInvitation quota exceeded

Remove Member

DELETE /current/share/{share_id}/members/{user_id}/

Remove a member. Auth required. Owner/admin only. Cannot remove the last owner.

Leave Share (Self-Removal)

DELETE /current/share/{share_id}/member/

Leave a share. Auth required. Owners cannot leave; must transfer ownership first. Works on archived/expired shares.

Member Details

GET /current/share/{share_id}/member/{user_id}/details/

Get detailed membership info for a specific user. Auth required.

Response

{
  "result": true,
  "user": {
    "id": "9876543210987654321",
    "account_type": "human",
    "email_address": "member@example.com",
    "first_name": "John",
    "last_name": "Doe",
    "permissions": "admin",
    "status": "active",
    "invite": null,
    "notify": "Notify me in app",
    "expires": null
  }
}

Update Member

POST /current/share/{share_id}/member/{user_id}/update/

Update permissions, notification settings, or expiration. Auth required. Owner/admin only.

FieldTypeRequiredDescription
permissionsstringNoadmin, member, guest, view. Cannot set to owner.
notify_optionsstringNoNotification preference
expiresstringNoMembership expiration datetime. null/"" to clear.

Transfer Ownership

POST /current/share/{share_id}/member/{user_id}/transfer_ownership/

Transfer share ownership to another member. Auth required. Owner only. Current owner is demoted to admin.

List Members

GET /current/share/{share_id}/members/list/

List all members. Auth required.

Response

{
  "result": true,
  "users": [
    {
      "id": "1111111111111111111",
      "account_type": "human",
      "email_address": "owner@example.com",
      "first_name": "Jane",
      "last_name": "Smith",
      "permissions": "owner",
      "status": "active",
      "invite": null,
      "notify": "Notify me in app",
      "expires": null
    },
    {
      "id": "5566778899001122334",
      "account_type": "human",
      "email_address": "invited@example.com",
      "first_name": "invited@example.com",
      "last_name": "",
      "permissions": "guest",
      "status": "pending",
      "invite": {
        "id": "5566778899001122334",
        "created": "2025-01-15 10:30:00 UTC",
        "expires": "2025-02-15 10:30:00 UTC"
      },
      "notify": "Notify me in app",
      "expires": null
    }
  ]
}

Pending Members

When a user is invited to a share by email but does not yet have a Fastio account, they appear as a pending member in the member list. Pending members are placeholders that allow teams to pre-assign workflow items before the invitee signs up.

How pending members appear in responses:

Workflow assignments: On a share, guests (including still-pending invitees) have no workflow access — they cannot be assigned to an approval, task, or todo step, and share guests cannot use the Tasks API. Workflow approval reviewers must be workspace members; external non-member reviewers require the workspace's native-review tier to be extended. Newly created workspaces default to the extended tier (external reviewers available out of the box); a workspace that predates that default, or whose tier was explicitly set to mvs or cleared, supports external reviewers only after a workspace admin sets the extended tier via the workspace update endpoint.

Account claim: When the invited user signs up or accepts the invitation with an existing account, their status transitions from "pending" to "active". Their share access is preserved across the transition.

Removal: To remove a pending member, delete their invitation using the invitation endpoints (see List Invitations, Delete Invitation below). Deleting the invitation removes the pending member and unassigns any workflow items associated with them.

Notifications: Pending members do not receive in-app or email notifications until they claim their account.

Join Share

POST /current/share/{share_id}/members/join/
POST /current/share/{share_id}/members/join/{invitation_key}/
POST /current/share/{share_id}/members/join/{invitation_key}/accept/
POST /current/share/{share_id}/members/join/{invitation_key}/decline/

Join a share via self-join or invitation. Auth required.

Self-join rules (without invitation key):

Access OptionWho Can Self-Join
'Only members of the Share or Workspace'Members of the share or its parent workspace
'Members of the Share, Workspace or Org'Members of the share, parent workspace, or parent org
Other valuesSelf-join blocked; invitation required

Self-joined members receive member permission with no expiration. Only notify_options is respected from input.

List Invitations

GET /current/share/{share_id}/members/invitations/list/
GET /current/share/{share_id}/members/invitations/list/{state}/

List invitations, optionally filtered by state (pending, accepted, declined). Auth required.

Update Invitation

POST /current/share/{share_id}/members/invitation/{invitation_id}/

Update an invitation. {invitation_id} can be a numeric ID or an email address. Auth required.

FieldTypeRequiredDescription
statestringNopending, accepted, declined
permissionsstringNoUpdated permission level: admin, member, guest, view
notify_optionsstringNoUpdated notification preference
expiresstringNoUpdated membership expiration datetime

Delete Invitation

DELETE /current/share/{share_id}/members/invitation/{invitation_id}/

Revoke an invitation. {invitation_id} can be a numeric ID or an email address. Auth required.

Share Discovery

List All Shares

GET /current/shares/all/

List all accessible shares (joined, invited, owned). Auth required. Orphaned workspace folder shares are automatically filtered out.

Response Fields

Each share in the shares array includes the same fields as the details endpoint, plus:

FieldTypeDescription
shares[].user_statusstringUser's membership status (e.g., joined, invited)
shares[].folder_node_idstring|nullBacking folder node ID (workspace_folder only)
shares[].is_orphanedbooleanWhether backing folder was deleted

List Available Shares

GET /current/shares/available/

List shares the user has joined or owns (excludes pending invitations). Auth required. Does not include parent workspace/org information.

Check Share Name Availability

GET /current/shares/check/name/{name}/

Check if a share custom name is available. Auth required.

Status 202 Accepted = name available.

HTTP StatusCodeMessageCause
4001605 (Invalid Input)An invalid share name was supplied.Fails validation
4061658 (Not Acceptable)The supplied share name is already in use.Name already taken

List Shares in Workspace

GET /current/workspace/{workspace_id}/list/shares/

List shares belonging to a workspace. Auth required. Paginated with offset-based pagination.

Query ParameterTypeRequiredDescription
limitintegerNoNumber of results to return
offsetintegerNoNumber of results to skip
archivedstringNoBoolean string. Filter by archived state.

List User's Shares

GET /current/user/me/list/shares/

List all shares accessible to the current user (owned, joined, invited). Auth required. Paginated. Includes parent workspace and org information.

Query ParameterTypeRequiredDescription
limitintegerNoNumber of results to return
offsetintegerNoNumber of results to skip
archivedstringNoBoolean string. Filter by archived state.

Import Share into Workspace

POST /current/workspace/{workspace_id}/import/share/{share_id}/

Import a user-owned share into a workspace. Auth required. Caller must be the share owner with no other co-owners. The share must currently be user-owned (not already in a workspace). Archived shares are automatically unarchived during import.

Error Responses

HTTP StatusCodeMessageCause
4001605 (Invalid Input)This share is not owned by you and cannot be imported.Share not user-owned
4001605 (Invalid Input)The share has multiple owners...Multiple co-owners exist
4031685 (Feature Limit)The workspace has reached its share limit.Share quota exceeded
5001654 (Internal Error)Failed to import the share to the workspace.Internal error

Share AI

Shares support AI features when intelligence is enabled. Enabling intelligence and creating or sending chat messages require plan features (content_ai plus ai_agent for write/agentic flows). See the AI reference for the full plan matrix.

Auto-Generate OG Image

GET /current/share/{share_id}/ai/autoog/

Generate an Open Graph image for the share. Auth required.

Auto-Generate Title & Description

POST /current/share/{share_id}/ai/autotitle/

Generate a title and description for the share based on its contents. Auth required.

AI Chat

Share AI chat follows the same patterns as workspace AI chat. Replace /workspace/{id} with /share/{id} in all chat endpoints. For full AI chat documentation, see AI & Chat reference.

Endpoints

MethodEndpointDescription
POST/current/share/{share_id}/ai/chat/Create chat
GET/current/share/{share_id}/ai/chat/list/List chats
GET/current/share/{share_id}/ai/chat/{chat_id}/details/Chat details
POST/current/share/{share_id}/ai/chat/{chat_id}/update/Update chat
DELETE/current/share/{share_id}/ai/chat/{chat_id}/Delete chat
POST/current/share/{share_id}/ai/chat/{chat_id}/message/Send message
GET/current/share/{share_id}/ai/chat/{chat_id}/messages/list/List messages
GET/current/share/{share_id}/ai/chat/{chat_id}/message/{msg_id}/details/Message details
GET/current/share/{share_id}/ai/chat/{chat_id}/message/{msg_id}/read/Stream response (SSE)
POST/current/share/{share_id}/ai/chat/{chat_id}/publish/Publish chat (currently disabled platform-wide — returns 403)
POST/current/share/{share_id}/ai/share/AI share markdown

QuickShare (Workspace Feature)

Deprecated — use File Share. Creating or extending a QuickShare now returns 403 with a directed message pointing to POST /current/workspace/{workspace_id}/create/fileshare/. The durable File Share replaces it. Existing QuickShare links can still be viewed, downloaded, and revoked during the drain; the public read endpoints below remain live until the existing population reaches its natural expiry.

QuickShare creates a temporary public link for a single file. This is a workspace storage feature, not a share management feature, but is related to sharing.

Create QuickShare (deprecated → 403)

POST /current/workspace/{workspace_id}/storage/{node_id}/quickshare/

Deprecated. Returns 10756 (Quickshare Deprecated) (403) for the create and extend-expiry paths. Use POST /current/workspace/{workspace_id}/create/fileshare/ instead. The historical constraints (single file, max 1 GB, expires / expires_at) no longer apply because creation is closed.

QuickShare Details (Public)

GET /current/quickshare/{opaque_id}/details/

Returns metadata including file information, creator, expiration, and download limit status. No auth required.

Response

{
  "result": true,
  "quickshare": {
    "id": "aBcDeFgHiJ",
    "node": {
      "id": "1234567890123456789",
      "type": "file",
      "name": "presentation.pdf",
      "size": 5242880,
      "mimetype": "application/pdf",
      "mimecategory": "document"
    },
    "creator_uid": {
      "id": "9876543210987654321",
      "account_type": "human",
      "first_name": "Jane",
      "last_name": "Doe"
    },
    "limit_exceeded": false,
    "expires": "2024-01-15 13:30:00 UTC",
    "created": "2024-01-15 10:30:00 UTC"
  }
}

Download File (Public)

GET /current/quickshare/{opaque_id}/storage/read/

Returns raw binary file content with Content-Type and Content-Disposition headers. No auth required.

Transfer Limits:

Read Note Content (Public)

GET /current/quickshare/{opaque_id}/storage/readnote/

Reads the content of a note/markdown file as JSON. Returns the sanitized markdown content as a string along with the note resource. No auth required.

Response

{
  "result": true,
  "content": "# Note content here\n\nMarkdown text...",
  "note": {
    "id": "{opaque_note_id}",
    "type": "note",
    "name": "my-note.md",
    "size": 1024,
    "mimetype": "text/markdown",
    "mimecategory": "document"
  }
}

Error responses: Returns 1605 (Invalid Input) (400) if the node is not a note, 1609 (Not Found) (404) if the quickshare is not found or the note is in trash, 1656 (Bandwidth Limit) (429) if the transfer limit is reached, or 1680 (Access Denied) (403) if the file is inaccessible (virus/DMCA/locked).

Preview File (Public)

GET /current/quickshare/{opaque_id}/storage/preview/{preview_type}/read/
GET /current/quickshare/{opaque_id}/storage/preview/{preview_type}/read/file/{filename}

Preview types: binary, thumbnail, image, hls_stream, pdf, spreadsheet, audio, mp4. No auth required.

Preview Limits: Max 20x file size for total preview bytes.

Multi-file previews (e.g., HLS) return a 307 Temporary Redirect to a sub-file endpoint.

QuickShare Error Responses

HTTP StatusCodeMessageCause
4001605 (Invalid Input)Validation errorInvalid opaque ID
4041609 (Not Found)Quickshare not found.No such QuickShare
4291656 (Bandwidth Limit)You have exceeded the bandwidth policy for this Quickshare.Transfer limit reached
4031680 (Access Denied)You have reached the maximum number of previews for this Quickshare.Preview limit reached
4221698 (Unprocessable Entity)The source file is corrupt or unreadable and cannot be previewed.Source is corrupt/truncated; do not retry

File Share (Durable Single-File Share)

A File Share is the durable successor to QuickShare: a long-lived, link-shareable view of one file from a workspace. Unlike QuickShare it is durable by default (expiry is optional, never forced) and has no per-link transfer cap — bandwidth is metered to the owning organization. A File Share is bound to a single workspace file node at creation; the binding is immutable (rebinding means creating a new File Share).

Addressing — opaque id. A File Share is addressed by an opaque public id (the id_alt field): an unguessable, non-enumerable handle (the same id shape used for nodes and uploads), which appears in its share links. Every File Share route — public read and management alike — accepts this opaque id; the legacy numeric profile id is also accepted during the transition, so existing links keep working. Build links from id_alt.

Access Tiers

Set with access_option at create/update time:

TierValueWho can open the link
Anyone with linkanyone_with_linkAnyone, no account required (anonymous)
Any registeredany_registeredAny authenticated Fastio user
Named peoplenamed_peopleOnly users explicitly granted access (the default)

On top of the tier, per-user grants raise an individual user's capability — view, download, or edit. An optional link password can gate any tier; it is supplied on the public read endpoints via the x-ve-password request header, never in the URL.

Workspace members (implicit access). The shared file lives in the File Share's parent workspace, so an authenticated member of that workspace reaches it through the File Share exactly as they would through the workspace itself — admitted regardless of tier or named grant, at the capability their workspace role confers on the file (a workspace editor gets edit, a view-only member gets view). This is why the owner/creator and other workspace members can view — and collaboratively edit notes on — their own named_people share without granting themselves. A set link password still applies to members. Anonymous callers and non-members are governed solely by the tier + grant rules above.

Public Read Endpoints

These serve the link viewer. They are anonymous-allowed where the access tier permits (e.g. anyone_with_link); for any_registered / named_people the caller must present a bearer token and have sufficient access.

GET /current/fileshare/{fileshare_id}/details/

Viewer metadata and the bound file's public node metadata (name / size / type) — never the workspace path or owning-profile ids.

The effective_capability field is the single highest capability the calling identity actually holds on this File Share — view, download, or edit — resolved after the access tier, any per-user grant, and the link password are all applied. Use it to render the right controls up front (show the Download button only at download or higher; show “Upload new version” only at edit) instead of attempting an action and handling a later denial. Because the details response is only returned once the caller has passed the read gate, the value is present and at least view on the normal path; it is omitted only in the rare case the capability probe itself faults — treat an absent value as “unknown” and fall back to attempting the action.

Manage context (authenticated callers only). The details response additionally carries an optional manage block so an owner’s UI can decide whether to surface in-place management controls without a separate lookup:

These fields are additive — anonymous viewers and clients that ignore them are unaffected.

Details Response (authenticated manager)

{
  "result": true,
  "fileshare": {
    "fileshare": "1234567890123456789",
    "id_alt": "a2bk7yqe9z3w8h5n6m4xp1c0tv7rs",
    "title": "Quarterly Presentation",
    "access_option": "anyone_with_link",
    "has_password": false,
    "effective_capability": "download",
    "can_manage": true,
    "workspace_id": "9876543210987654321",
    "creator_uid": "1122334455667788990",
    "file": {
      "id": "f3jm5-zqzfx-pxdr2-dx8z5-bvnb3-rpjf",
      "type": "file",
      "name": "presentation.pdf",
      "size": 5242880,
      "mimetype": "application/pdf"
    }
  }
}

For an anonymous viewer the three manage fields are absent; for an authenticated non-manager only can_manage: false is present (no workspace_id / creator_uid).

GET /current/fileshare/{fileshare_id}/storage/read/

Download the bound file (raw binary with Content-Type and Content-Disposition headers). Requires the download capability.

GET /current/fileshare/{fileshare_id}/storage/preview/{preview_type}/read/
GET /current/fileshare/{fileshare_id}/storage/preview/{preview_type}/read/{download_token}/file/{filename}

Preview the bound file (view capability). Preview types match the storage preview surface (thumbnail, image, pdf, mp4, hls_stream, etc.). Multi-file previews (e.g. HLS) return a 307 Temporary Redirect to a sub-file endpoint.

GET /current/fileshare/{fileshare_id}/storage/versions/
GET /current/fileshare/{fileshare_id}/storage/versions/{version_id}/read/

List the bound file's versions (view capability) and download a specific historical version (download capability). Read-only — there is no restore/promote on the public surface.

Management Endpoints (Authenticated Workspace Member)

Creating, listing, updating, deleting, and managing grants are documented in the Workspaces reference (POST /current/workspace/{workspace_id}/create/fileshare/, GET /current/workspace/{workspace_id}/list/fileshares/, and the POST|PATCH /current/fileshare/{id}/update/, DELETE /current/fileshare/{id}/delete/, GET|POST|DELETE /current/fileshare/{id}/grants/ endpoints). All require the caller to be an authenticated member of the File Share's parent workspace.

External Edit (Write-Back)

A holder of an edit grant can replace the shared file's content without being a workspace member, by targeting the File Share id as the update target of a normal upload session. This is covered in the Upload reference (action=update, instance_id={fileshare_id}, file_id={bound_node_id}), including the optional if_version_id compare-and-swap precondition and how a version conflict is surfaced.

Collaborative Notes (Realtime)

When the bound file is a note (a .md text document), an authorized recipient can read and collaboratively edit it in real time rather than downloading and re-uploading binary content. Real-time edits from a File Share recipient and from members of the owning workspace converge on the same live document — there is no forking or separate copy. A note bound to a File Share cannot be replaced by a binary upload; its content changes only through the endpoints below or the real-time collaboration session.

The flow is: mint a short-lived collaboration token with the note-auth endpoint, then use that token (not your session bearer token) to read the note's text and, if you hold an edit grant, to push updates. The same token is what a client presents to join the real-time collaboration session.

GET /current/fileshare/{fileshare_id}/realtime/note-auth/{note_id}/

Mint a short-lived (15-minute) collaboration token for the bound note. The caller must be signed in and must pass the File Share's access gate — including the x-ve-password header when the link is password-protected. The token grants editing when the caller holds an edit grant on the File Share or is a workspace member whose role confers edit on the file; otherwise a read-only token is returned. Anonymous anyone-with-link visitors cannot mint a token (they use the read-only download/preview surface above).

Note-Auth Response

{
  "expires_in": 900,
  "auth_token": "..."
}
GET /current/fileshare/{fileshare_id}/storage/readnote/{note_id}/

Return the note's current text content along with a safe metadata summary of the note. Requires the collaboration token from the note-auth endpoint — this is not a session endpoint, so a session bearer token alone is not accepted. Pass an optional version_id query parameter to read a historical version instead of the live content.

POST /current/fileshare/{fileshare_id}/storage/updatenote/{note_id}/

Replace the note's text content and/or rename it. Requires an edit collaboration token (a read-only token is rejected). Send the note name and content in the request body. An empty or whitespace-only content value is rejected as invalid input. Supply the optional if_version_id precondition to perform a compare-and-swap; on a version conflict the endpoint returns 409 with the current version so the client can rebase and retry.

Owner-Side Visibility (Comments)

A File Share is a view of a file that also lives in the owning workspace, so comments left by File Share recipients are visible to workspace members on that same file — it's the same node, so the comments appear in both places. For a workspace member:

This visibility is one-directional: workspace ⊇ File Share. Workspace members see File Share comments, but File Share recipients never see the workspace's internal comments — a recipient's view stays isolated to their own File Share's comment thread.

File Share Error Responses

HTTP StatusCodeCause
4001605 (Invalid Input)Invalid id or input value
4011650 (Authentication Invalid)A link password is required and was missing or wrong (present it via the x-ve-password header)
4031700 (Forbidden)The access tier or named grant does not permit the caller
4041609 (Not Found)No such File Share, or the bound file content is no longer available

Share Workflow

Shares support the Tasks feature (task lists) when workflow is enabled. Workflow requires the workflow billing plan feature, which is also required for workflow orchestration.

Enable Workflow

POST /current/share/{share_id}/workflow/enable/

Enable workflow features on a share. Auth required. Admin only. Idempotent — returns success if already enabled.

Response

Status: 200 OK

{
  "result": true,
  "message": "Workflow features enabled",
  "workflow": true
}

Disable Workflow

POST /current/share/{share_id}/workflow/disable/

Disable workflow features on a share. Auth required. Admin only. Idempotent — returns success if already disabled.

Response

Status: 200 OK

{
  "result": true,
  "message": "Workflow features disabled",
  "workflow": false
}

List Task Lists

GET /current/share/{share_id}/tasks/

List all task lists for a share. Auth required. Workflow view permission required. Supports offset-based pagination (limit/offset). Supports format=markdown query parameter for markdown output.

Response

Status: 200 OK

{
  "result": true,
  "task_lists": [
    {
      "id": "aBcDeFgHiJ",
      "profile_id": "1234567890123456789",
      "name": "Sprint 1",
      "description": "First sprint tasks",
      "created_by": "9876543210987654321",
      "properties": {},
      "sort_order": 0,
      "created": "2026-01-15 10:30:00 UTC",
      "updated": "2026-01-15 10:30:00 UTC",
      "deleted": null
    }
  ],
  "pagination": {
    "limit": 50,
    "offset": 0,
    "total": 1
  }
}

Create Task List

POST /current/share/{share_id}/tasks/create/

Create a new task list in a share. Auth required. Workflow modify permission required. Request body is JSON.

Request Body

FieldTypeRequiredDescription
namestringYesTask list name
descriptionstringNoTask list description
propertiesobjectNoCustom properties (default {})
sort_orderintegerNoSort position (default 0)

Request Example

curl -X POST "https://api.fast.io/current/share/1234567890123456789/tasks/create/" \
  -H "Authorization: Bearer {jwt_token}" \
  -H "Content-Type: application/json" \
  -d '{"name": "Sprint 1", "description": "First sprint tasks"}'

Response

Status: 200 OK

{
  "result": true,
  "task_list": {
    "id": "aBcDeFgHiJ",
    "profile_id": "1234567890123456789",
    "name": "Sprint 1",
    "description": "First sprint tasks",
    "created_by": "9876543210987654321",
    "properties": {},
    "sort_order": 0,
    "created": "2026-01-15 10:30:00 UTC",
    "updated": "2026-01-15 10:30:00 UTC",
    "deleted": null
  }
}

Error Responses

HTTP StatusCodeMessageCause
4001605 (Invalid Input)Invalid task list nameName fails validation
4001605 (Invalid Input)Invalid descriptionDescription fails validation
4001605 (Invalid Input)Invalid JSON in request bodyMalformed JSON body

Reorder Task Lists

POST /current/share/{share_id}/tasks/reorder/

Bulk reorder task lists within a share. Auth required. Workflow modify permission required. Request body is JSON. Prevents concurrent reordering.

Request Body

FieldTypeRequiredDescription
orderarrayYesNon-empty array of {id, sort_order} objects

Each entry in order:

FieldTypeRequiredDescription
idstringYesTask list opaque ID
sort_orderintegerYesNew sort position

Request Example

curl -X POST "https://api.fast.io/current/share/1234567890123456789/tasks/reorder/" \
  -H "Authorization: Bearer {jwt_token}" \
  -H "Content-Type: application/json" \
  -d '{"order": [{"id": "aBcDeFgHiJ", "sort_order": 0}, {"id": "kLmNoPqRsT", "sort_order": 1}]}'

Response

Status: 200 OK

{
  "result": true,
  "reordered": 2,
  "profile_id": "1234567890123456789"
}

Error Responses

HTTP StatusCodeMessageCause
4001605 (Invalid Input)order must be a non-empty array of {id, sort_order}...Missing or empty order array
4001605 (Invalid Input)Each order entry must have id and sort_order fields...Malformed entry
4001605 (Invalid Input)Task list ID ... does not belong to this shareID not owned by this share

Workflow-Native Sign-off & Checklists

For human sign-off on a share's files use workflow review via either approval step type — both produce a reviewer roster, version-pinned assets, a per-reviewer per-asset decision matrix, and a resolution policy. The lock-based approval step pulls the reviewed files into workspace storage and write-locks them while the review is pending, releasing them on resolution. The in-place approval_in_place step instead reviews the files where they already live in the share/portal/file share with no move/copy/lock — the approved version is version-stamped and content-hashed for durable audit and later changes surface as drift. The fastest way to start an in-place review on a single file is the "Request approval" quick path (POST /current/workflow-review/quick-approval/), which provisions a private file share for the chosen reviewers and starts a one-step in-place approval run in a single call (single file, members-only roster in v1; for multi-file or external reviewers, author an approval_in_place step in a workflow). For checklist items use the workflow todo step (both step types in the workflow orchestration tool). The Tasks API (task lists & tasks) is the supported task-tracking surface. See the Workflow reference for these surfaces.

Workflow Error Responses (Shared)

All workflow endpoints (tasks, enable/disable) share these common errors:

HTTP StatusCodeMessageCause
403144499You do not have permissions to access this share.Lacks admin permission (enable/disable)
403Workflow features are only available to share members...Lacks workflow view/modify permission
4121685 (Feature Limit)Workflow feature not availableBilling plan does not include workflow

Share Storage

Share storage follows the same API patterns as workspace storage. See Storage reference for full endpoint documentation.

Replace /workspace/{workspace_id} with /share/{share_id} in all storage paths. Available operations:

Not available in shares: addlink, createnote, updatenote, quickshare

↑ Back to top