Share Management Purpose-built data rooms for exchanging files with internal teams and external guests.
Shares are purpose-built data rooms for exchanging files with internal teams and external guests. They support branded file preview, download controls, guest access, password protection, expiration, AI-powered features, and real-time collaboration.
Share Types
| Type | Direction | Description | Guest Uploads | "Anyone with the link" Access |
|---|---|---|---|---|
send | Owner → Guest | Owner distributes files; guests can download only | No | Allowed |
receive | Guest → Owner | Owner collects files; guests can upload only | Yes | Not allowed |
exchange | Bidirectional | Both parties can upload and download | Yes | Not allowed |
Default share type is exchange.
Storage Modes (Immutable at Creation)
Room (storage_mode=independent, default)
The share has its own isolated storage. Files added to the room are independent of any workspace. Changes to workspace files do not affect the room, and vice versa.
Features: Expiration dates, archiving, password protection (Send type only), custom branding, guest access, inline file preview, download controls, post-download messaging, AI auto-titling.
Shared Folder (storage_mode=workspace_folder)
The share is backed by a specific workspace folder. The share displays the live contents of that folder — files added, updated, or removed in the workspace folder are immediately reflected in the share. No file duplication, so no extra storage cost.
Creation: Pass folder_node_id={folder_opaque_id} to link an existing folder, or create_folder=true with folder_name to create a new one.
Restrictions: Expiration dates and archiving are not allowed since the content is live. Each workspace folder can only be shared once. If the backing folder is deleted, the share becomes orphaned (is_orphaned: true in details response).
Both modes look the same to share recipients — a branded data room with file preview, download controls, and all share features.
Access Options
The access_options parameter controls who can access the share:
| Value | Description |
|---|---|
'Only members of the Share or Workspace' | Most restrictive (default). Only explicit members or workspace members. |
'Members of the Share, Workspace or Org' | Org members can also access |
'Anyone with a registered account' | Any authenticated Fast.io user |
'Anyone with the link' | Public access. Enables password protection (Send type only). |
Restrictions:
- Receive and Exchange shares cannot use
'Anyone with the link'because file uploads require user identity. - Enabling comments or certain notification settings on a share with
'Anyone with the link'access automatically upgrades access to'Anyone with a registered account'because those features require user identity. - Changing share type to
receiveorexchangewhile access is'Anyone with the link'automatically upgrades access to'Anyone with a registered account'.
Create Share
Create a new share in a workspace. Auth required.
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| {workspace_id} | string | Yes | 20-digit numeric workspace profile ID |
Required Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| intelligence | string | Yes | Boolean string ("true" / "false"). Enable AI indexing. |
Optional Parameters
| Parameter | Type | Default | Constraints | Description |
|---|---|---|---|---|
| share_type | string | exchange | send, receive, exchange | Share direction type |
| access_options | string | Only members of the Share or Workspace | See Access Options | Who can access the share |
| invite | string | owners | owners, guests | Who can manage share invitations |
| storage_mode | string | independent | independent, workspace_folder | Storage mode (immutable after creation) |
| folder_node_id | string | — | Valid opaque ID | Workspace folder opaque ID (required for workspace_folder if not creating) |
| create_folder | string | — | Boolean string | Create a new backing folder (with folder_name) |
| folder_name | string | Shared Folder | Not blank | Name for the new backing folder (with create_folder=true) |
| title | string | — | 2-80 chars | Share display title |
| description | string | — | 10-500 chars | Share description |
| custom_name | string | Auto-generated | 10-100 chars, URL-friendly | URL-friendly custom name. Auto-generated opaque ID if omitted. |
| password | string | — | 4-128 chars | Password. Only with Send type + 'Anyone with the link' access. |
| expires | string | — | MySQL datetime | Expiration date. Room mode only. |
| notify | string | never | never, notify_on_file_received, notify_on_file_sent_or_received | Notification preference |
| comments_enabled | string | — | Boolean string | Enable comments |
| download_enabled | string | — | Boolean string | Enable downloads |
| guest_chat_enabled | string | — | Boolean string | Enable guest AI chat |
| display_type | string | — | Not blank | Visual display mode (grid, list) |
| workspace_style | string | — | Not blank | Workspace visual style |
| accent_color | string | — | Valid JSON | JSON color object for accent |
| background_color1 | string | — | Valid JSON | JSON color object for primary background |
| background_color2 | string | — | Valid JSON | JSON color object for secondary background |
| background_image | integer | — | Numeric, validated range | Background image selection |
| link_1 | string | — | Valid JSON | JSON link object (custom link #1) |
| link_2 | string | — | Valid JSON | JSON link object (custom link #2) |
| link_3 | string | — | Valid JSON | JSON link object (custom link #3) |
| owner_defined | string | — | Valid JSON or "null" | Custom owner-defined properties |
Request Example
curl -X POST "https://api.fast.io/current/workspace/12345678901234567890/create/share/" \
-H "Authorization: Bearer {jwt_token}" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "share_type=send&intelligence=true&access_options=Anyone+with+the+link&title=Client+Deliverables"Response
Status: 200 OK
{
"result": "yes",
"response": {
"share": {
"id": "98765432109876543210",
"custom_name": "aB3cD4eF5g",
"storage_mode": "independent"
}
},
"current_api_version": "1.0"
}For workspace folder shares, the response also includes folder_node_id.
Response Fields
| Field | Type | Description |
|---|---|---|
response.share.id | string | 20-digit share profile ID |
response.share.custom_name | string | URL name (custom or auto-generated) |
response.share.storage_mode | string | independent or workspace_folder |
response.share.folder_node_id | string | Backing folder node ID (workspace_folder only) |
Error Responses
| HTTP Status | Code | Message | Cause |
|---|---|---|---|
| 400 | APP_ERROR_INPUT_INVALID | An invalid share custom name was supplied. | Custom name fails validation |
| 400 | APP_ERROR_INPUT_INVALID | An invalid share expiration date was supplied. | Invalid MySQL datetime format |
| 400 | APP_ERROR_INPUT_INVALID | Password can only be set for shares with 'Anyone' access option. | Password on non-public share |
| 400 | APP_ERROR_INPUT_INVALID | Receive and Exchange shares cannot have 'Anyone' access option... | Public access on receive/exchange |
| 400 | APP_ERROR_INPUT_INVALID | Workspace folder shares cannot have an expiration date... | Expiration on workspace_folder share |
| 400 | APP_ERROR_INPUT_INVALID | Must provide folder_node_id or set create_folder=true... | Missing folder config for workspace_folder mode |
| 403 | APP_FEATURE_LIMIT | The organization has reached its share creation limit... | Share quota exceeded for billing plan |
| 406 | APP_NOT_ACCEPTABLE | The supplied share custom name is already in use. | Duplicate custom name |
| 406 | APP_NOT_ACCEPTABLE | This folder has already been shared. | Folder already linked to another share |
| 409 | APP_CONFLICT | Unable to process share creation request due to concurrent operation. | Concurrent creation race condition |
| 500 | APP_ERROR_UPDATE_ERROR | There was an internal error processing your create request. | Database failure |
Share Details
Get full share details. Auth required (optional for public shares). {share_id} accepts a 20-digit numeric ID or a custom name.
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| {share_id} | string | Yes | 20-digit share profile ID or custom name |
Request Example
curl -X GET "https://api.fast.io/current/share/12345678901234567890/details/" \
-H "Authorization: Bearer {jwt_token}"Response
Status: 200 OK
{
"result": "yes",
"response": {
"share": {
"id": "12345678901234567890",
"title": "Q4 Financial Reports",
"description": "Quarterly financial documents",
"share_type": "exchange",
"custom_name": "q4-reports",
"storage_mode": "independent",
"closed": false,
"archived": false,
"share_level": "owner",
"download_enabled": true,
"activity_tracking": {
"enabled": true,
"owner_activity": true,
"guest_activity": true,
"own_activity": true,
"all_upload_activity": false
},
"comments": {
"enabled": true,
"owner_comments_visible": true,
"guest_comments_visible": true,
"personal_replies_visible": true,
"owner_replies_visible": true
},
"filesystem": {
"file_creation": true,
"file_modification": "owned",
"file_download": "all",
"file_view": "all",
"folder_creation": true,
"folder_modification": "owned"
},
"event_flow": {
"enabled": true,
"can_see_own_events": true,
"can_see_owner_events": true,
"can_see_guest_events": false
},
"multiplayer": {
"enabled_for_user": true,
"enabled_for_owners": true,
"enabled_for_guests": true,
"owners_can_see_guests": true,
"guests_can_see_owners": false
},
"member_visibility": {
"user_can_see_members": true,
"owners_can_see_members": true,
"guests_can_see_members": false
},
"invite": {
"setting": "owners_only",
"can_invite": true
},
"capabilities": {
"can_archive": true,
"can_set_expiration": true
},
"parent_type": "workspace",
"parent_workspace": "98765432109876543210",
"parent_org": "11223344556677889900",
"created": "2024-01-01 10:00:00",
"expires": "2024-12-31 23:59:59"
}
},
"current_api_version": "1.0"
}Response Fields
| Field | Type | Description |
|---|---|---|
response.share.id | string | Share profile ID |
response.share.title | string|null | Display title |
response.share.description | string|null | Share description |
response.share.share_type | string | send, receive, or exchange |
response.share.custom_name | string|null | URL-friendly custom name |
response.share.storage_mode | string | independent or workspace_folder |
response.share.closed | boolean | Whether the share has been soft-deleted |
response.share.archived | boolean | Whether the share is archived |
response.share.share_level | string | Current user's access level: owner, guest, public, excluded |
response.share.download_enabled | boolean | Whether file downloads are allowed |
response.share.activity_tracking | object | Activity visibility settings |
response.share.comments | object | Comment visibility and permission settings |
response.share.filesystem | object | File and folder operation permissions |
response.share.event_flow | object | Real-time event visibility settings |
response.share.multiplayer | object | Real-time collaboration/presence settings |
response.share.member_visibility | object | Who can see other share members |
response.share.invite | object | Invitation policy settings |
response.share.capabilities | object | Operations allowed based on storage mode |
response.share.parent_type | string|null | workspace or user |
response.share.parent_workspace | string|null | Parent workspace ID (workspace-owned shares only) |
response.share.parent_org | string|null | Parent organization ID (workspace-owned shares only) |
response.share.created | string | Creation timestamp (MySQL datetime) |
response.share.expires | string|null | Expiration timestamp, or null |
response.share.folder_node_id | string|null | Backing folder node ID (workspace_folder only) |
response.share.is_orphaned | boolean | Whether backing folder was deleted (workspace_folder only) |
Error Responses
| HTTP Status | Code | Message | Cause |
|---|---|---|---|
| 401 | APP_AUTH_INVALID | Authentication required | Non-public share without auth |
| 403 | 144499 | You do not have permissions to view this share. | Lacks view permission |
Public Share Details
Returns a comprehensive view of a share from a single API call. Includes share details, owner information, file listing, member list, and comments. No auth required (optional; enhances permissions if provided).
Rate Limits: 3/3s, 15/10s, 20/60s, 50/hour, 200/day (per IP).
For password-protected shares, pass the password JWT in the x-ve-password header (obtained from the password auth endpoint).
Request Example
# Public access (no auth)
curl -X GET "https://api.fast.io/current/share/12345678901234567890/public/details/"
# Password-protected share
curl -X GET "https://api.fast.io/current/share/12345678901234567890/public/details/" \
-H "x-ve-password: {password_jwt_token}"
# Authenticated user
curl -X GET "https://api.fast.io/current/share/12345678901234567890/public/details/" \
-H "Authorization: Bearer {jwt_token}"Response
Status: 200 OK
{
"result": "yes",
"response": {
"share": {
"id": "12345678901234567890",
"title": "Q4 Financial Reports",
"share_type": "exchange",
"storage_mode": "independent"
},
"owner": {
"id": "99887766554433221100",
"display_name": "Jane Smith",
"avatar": "https://..."
},
"nodes": [
{
"id": "aB3cD4eF5g",
"name": "report.pdf",
"type": "file",
"size": 1048576,
"parent": "root"
}
],
"users": [
{
"id": "11223344556677889900",
"display_name": "John Doe",
"role": "guest"
}
],
"comments": [],
"org": {
"id": "55667788990011223344",
"name": "Acme Corp"
}
},
"current_api_version": "1.0"
}Response Fields
| Field | Type | Description |
|---|---|---|
response.share | object | Full share details (same as details endpoint) |
response.owner | object | Share owner's user resource |
response.nodes | array | Top-level files and folders in the share root |
response.users | array | Share members (if user has member visibility permission) |
response.comments | array | Comments on the share (filtered by visibility permissions) |
response.org | object|null | Organization resource (only for workspace-owned shares) |
Error Responses
| HTTP Status | Code | Message | Cause |
|---|---|---|---|
| 403 | 183836 | You do not have permissions to view this share. | Lacks public view permission |
| 500 | 121168 | Failed to access share storage | Internal storage error |
Update Share
Update share settings. Auth required. Owner/admin only. Supports partial updates. Works on archived shares.
Rate Limits: 5/3s, 20/30s, 50/5min, 300/hour, 500/day (per share + user).
Request Body (All Fields Optional)
| Parameter | Type | Constraints | Description |
|---|---|---|---|
| name | string | Not blank | Share display name |
| title | string | Not blank, or "null" to clear | Display title (2-80 chars) |
| description | string | "null" or "" to clear | Share description (10-500 chars) |
| custom_name | string | 10-100 chars, or "null" to clear | URL-friendly custom name. Must be unique. |
| share_type | string | send, receive, exchange | Share direction type |
| access_options | string | See Access Options | Who can access the share |
| invite | string | owners, guests | Who can manage invitations |
| password | string | 4-128 chars, "null"/"" to clear | Password. Only with Send type + 'Anyone with the link'. |
| expires | string | MySQL datetime, "null" to clear | Expiration. Room mode only. |
| notify | string | See notification values | Notification preference |
| comments_enabled | string | Boolean string | Enable/disable comments |
| download_enabled | string | Boolean string | Enable/disable downloads |
| display_type | string | grid, list | Visual display mode |
| workspace_style | string | Not blank | Workspace visual style |
| guest_chat_enabled | string | Boolean string | Enable/disable guest AI chat |
| intelligence | string | Boolean string | Cannot be re-enabled once disabled |
| accent_color | string | JSON or "null" | JSON color object for accent |
| background_color1 | string | JSON or "null" | JSON color object for primary background |
| background_color2 | string | JSON or "null" | JSON color object for secondary background |
| background_image | integer | Numeric, validated range | Background image selection |
| link_1 | string | JSON or "null" | JSON link object (custom link #1) |
| link_2 | string | JSON or "null" | JSON link object (custom link #2) |
| link_3 | string | JSON or "null" | JSON link object (custom link #3) |
| owner_defined | string | JSON or "null" | Custom owner-defined properties |
| share_link_node_id | string | "null" only | Can only be set to "null" to remove workspace share link node |
Request Example
curl -X POST "https://api.fast.io/current/share/12345678901234567890/update/" \
-H "Authorization: Bearer {jwt_token}" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "title=Updated+Title&description=New+description&share_type=exchange"Response
Status: 200 OK
{
"result": "yes",
"current_api_version": "1.0"
}Important Behaviors
- Password auto-clear: Changing access away from
'Anyone with the link'automatically clears the password. - Access auto-upgrade: Enabling comments or notification settings that require user identity automatically upgrades access from
'Anyone with the link'to'Anyone with a registered account'. - Share type auto-upgrade: Changing to
receiveorexchangewhile access is'Anyone with the link'upgrades access to'Anyone with a registered account'. - Intelligence: Once disabled, intelligence cannot be re-enabled.
- Expiration: Workspace folder shares cannot have expiration dates. Expiration is validated against the billing plan.
- Share link sync: Updating the share name automatically renames any associated workspace share link node.
Error Responses
| HTTP Status | Code | Message | Cause |
|---|---|---|---|
| 400 | APP_ERROR_INPUT_INVALID | An invalid share custom name was supplied. | Invalid or duplicate custom name |
| 400 | APP_ERROR_INPUT_INVALID | An invalid share expiration date was supplied. | Invalid datetime format |
| 400 | APP_ERROR_INPUT_INVALID | Password can only be set for shares with 'Anyone' access option. | Password on non-public share |
| 400 | APP_ERROR_INPUT_INVALID | Intelligence cannot be enabled once it has been disabled... | Re-enabling intelligence |
| 400 | APP_ERROR_INPUT_INVALID | Workspace folder shares cannot have an expiration date... | Expiration on workspace_folder share |
| 400 | APP_ERROR_INPUT_INVALID | Receive and Exchange shares cannot have 'Anyone' access option... | Public access on receive/exchange |
| 403 | 144499 | You do not have permissions to access this share. | User lacks admin permission |
| 406 | APP_NOT_ACCEPTABLE | The supplied share custom name is already in use. | Duplicate custom name |
| 500 | APP_ERROR_UPDATE_ERROR | There was an internal error processing your update request. | Database failure |
Delete Share
Soft-delete (close) a share. Auth required. Owner/admin only. Requires confirmation.
Rate Limits: 100/5min, 3000/hour, 5000/day (per workspace).
Request Body
| Parameter | Type | Required | Description |
|---|---|---|---|
| confirm | string | Yes | Must match either the share's custom_name or the share's id. Safety check. |
Request Example
curl -X DELETE "https://api.fast.io/current/share/12345678901234567890/delete/" \
-H "Authorization: Bearer {jwt_token}" \
-d "confirm=my-share-name"Response
Status: 202 Accepted
{
"result": "yes",
"current_api_version": "1.0"
}Error Responses
| HTTP Status | Code | Message | Cause |
|---|---|---|---|
| 400 | APP_ERROR_INPUT_INVALID | The confirm field provided does not match. | Confirmation mismatch |
| 403 | 144499 | You do not have permissions to access this share. | Lacks admin permission |
| 500 | APP_ERROR_UPDATE_ERROR | There was an internal error processing your request. | Database failure |
Notes
- Soft delete with retention period before permanent removal.
- For workspace folder shares, the share reference in the backing folder is cleaned up.
- Share link nodes in the parent workspace are also removed.
Archive / Unarchive
Archive or unarchive a share. Auth required. Owner/admin only. Rooms only — workspace folder shares cannot be archived.
Rate Limits (archive): 100/5min, 3000/hour, 5000/day (per workspace).
Rate Limits (unarchive): 50/5min, 300/hour, 500/day (per share).
No request body required.
Request Example
curl -X POST "https://api.fast.io/current/share/12345678901234567890/archive/" \
-H "Authorization: Bearer {jwt_token}"Response
Status: 202 Accepted
{
"result": "yes",
"current_api_version": "1.0"
}Error Responses
| HTTP Status | Code | Message | Cause |
|---|---|---|---|
| 400 | APP_ERROR_INPUT_INVALID | Workspace folder shares cannot be archived... | workspace_folder share |
| 400 | APP_ERROR_UPDATE_ERROR | The share is already archived. / The share is not archived. | Wrong current state |
| 403 | 144499 | You do not have permissions to access this share. | Lacks admin permission |
Notes
- Archived shares block guest access.
- Unarchiving requires the
KEY_SHARE_UNARCHIVE_ALLOWEDbilling plan feature flag.
Password Protection
Available only on Send shares with 'Anyone with the link' access.
Set/Update Password
Set via password parameter on create or update (4-128 chars). Send "null" or "" to clear.
Authenticate with Password
Authenticate with a share password to get a scoped JWT token. No user auth required.
Rate Limits: 3/3s, 10/10s, 15/60s, 30/hour, 100/day (per IP). Heavily rate-limited to prevent brute force.
Request Body
| Parameter | Type | Required | Description |
|---|---|---|---|
| password | string | Yes | Share password |
Request Example
curl -X POST "https://api.fast.io/current/share/12345678901234567890/auth/password/" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "password=mysecretpassword"Response
Status: 200 OK
{
"result": "yes",
"response": {
"expires_in": 86400,
"auth_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
},
"current_api_version": "1.0"
}Response Fields
| Field | Type | Description |
|---|---|---|
response.expires_in | integer | Token lifetime in seconds (86400 = 24 hours) |
response.auth_token | string | JWT token to use in x-ve-password header |
Error Responses
| HTTP Status | Code | Message | Cause |
|---|---|---|---|
| 400 | Input validation | Password is required for authentication. | Missing password field |
| 401 | APP_AUTH_INVALID | This share does not require password authentication. | Not password-protected or not public |
| 406 | APP_NOT_ACCEPTABLE | Invalid password provided for this share. | Wrong password |
| 500 | APP_INTERNAL_ERROR | Failed to create authentication token. | JWT creation failure |
Notes
- Token expires after 24 hours.
- If the share's password is changed, all previously issued tokens become invalid.
- Use the returned token in the
x-ve-passwordheader for subsequent share requests.
Expiration
Available only on room shares (not workspace folder).
Set the expires parameter (MySQL datetime format: YYYY-MM-DD HH:MM:SS) on create or update. Send "null" to clear. When the share expires, access is revoked. Expiration is validated against the billing plan.
Branding & Styling
Shares support custom branding through the update endpoint:
| Parameter | Type | Description |
|---|---|---|
accent_color | string | JSON color object for accent |
background_color1 | string | JSON color object for primary bg |
background_color2 | string | JSON color object for secondary bg |
background_image | integer | Background image selection (numeric) |
link_1 | string | JSON link object (custom link #1) |
link_2 | string | JSON link object (custom link #2) |
link_3 | string | JSON link object (custom link #3) |
Send "null" for any JSON field to clear it.
Share Assets
List Available Asset Types
Returns the schema of available asset types (e.g., logo, background). No auth required.
List Share Assets
List assets set on a share. Auth required. Owner/admin only.
Upload/Set Asset
Upload an asset (multipart/form-data). Auth required. Owner/admin only.
| Field | Type | Required | Description |
|---|---|---|---|
| file | file | Yes | The asset file to upload |
| metadata | JSON | No | Optional metadata for the asset |
Request Example
curl -X POST "https://api.fast.io/current/share/12345678901234567890/assets/logo/" \
-H "Authorization: Bearer {jwt_token}" \
-F "file=@logo.png" \
-F 'metadata={"crop_x": 0, "crop_y": 0}'Delete Asset
Remove an asset. Auth required. Owner/admin only.
Read Asset Binary
Returns raw binary data of a share asset. Auth optional for public shares. Works on archived shares.
| Query Parameter | Type | Required | Description |
|---|---|---|---|
| width | integer | No | Requested width (max 4096). Background images only. |
| height | integer | No | Requested height (max 4096). Background images only. |
Share Members
Permission Levels
| Level | Value | Description |
|---|---|---|
| Owner | 1000 | Full control and ownership |
| Admin | 500 | Administrative access, manage members |
| Member | 100 | Standard member access (default for new) |
| Guest | 50 | Limited guest access |
| View | 20 | Read-only access |
Notification Options
| Value | Description |
|---|---|
"Do not notify me" | No notifications |
"Notify me in app" | In-app only (default) |
"Notify me in app and via email" | In-app and email |
"Notify me via app, email and text message" | All notification channels |
Add Member or Send Invitation
Use a 20-digit user ID to add an existing user directly, or an email address to send an invitation. Auth required. Owner/admin only.
Rate Limits: 15/3s, 25/10s, 50/60s, 100/hour, 1000/day.
Request Body (Adding Existing User)
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
| permissions | string | No | member | owner, admin, member, guest, view. Cannot be owner (use transfer). |
| notify_options | string | No | "Notify me in app" | Notification preference |
| expires | string | No | — | Membership expiration (YYYY-MM-DD HH:MM:SS). null or "" to clear. |
| force_notification | boolean | No | — | Resend notification email (60-second cooldown after initial add). |
Request Body (Inviting by Email)
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
| permissions | string | No | member | Permission level for the invitation |
| message | string | No | — | Custom message for the invitation email |
| invitation_expires | string | No | — | Invitation expiration datetime |
Request Example
# Add existing user by ID
curl -X POST "https://api.fast.io/current/share/12345678901234567890/members/98765432109876543210/" \
-H "Authorization: Bearer {jwt_token}" \
-d '{"permissions": "member"}'
# Invite by email
curl -X POST "https://api.fast.io/current/share/12345678901234567890/members/newuser@example.com/" \
-H "Authorization: Bearer {jwt_token}" \
-d '{"permissions": "guest", "message": "Join our shared files!"}'Response (Invitation Created)
{
"result": "yes",
"response": {
"invitation": {
"id": "55667788990011223344",
"inviter": "Jane Smith",
"invitee_email": "newuser@example.com",
"invitee_uid": null,
"accepted_uid": null,
"entity_type": "share",
"share": {
"id": "12345678901234567890",
"name": "Project Files"
},
"state": "pending",
"consumed": false,
"created": "2025-01-15 10:30:00",
"updated": "2025-01-15 10:30:00",
"expires": "2025-02-15 10:30:00"
}
},
"current_api_version": "1.0"
}Error Responses
| HTTP Status | Code | Message | Cause |
|---|---|---|---|
| 400 | APP_CANNOT_ADD_AS_OWNER | Adding a member as an owner is not allowed | Tried to add as owner |
| 400 | APP_ERROR_INPUT_INVALID | You cannot create a membership for the share owner. | Target is share owner |
| 400 | APP_ERROR_INPUT_INVALID | You cannot add, update, or delete a membership with a higher permission... | Permission exceeds caller |
| 403 | APP_DENIED | You do not have permission to manage the members of this Share. | Lacks member edit permission |
| 403 | APP_FEATURE_LIMIT | Share invitation limit reached: X of Y invitations used | Invitation quota exceeded |
Remove Member
Remove a member. Auth required. Owner/admin only. Cannot remove the last owner.
Rate Limits: 15/3s, 25/10s, 50/60s, 100/hour, 1000/day.
Leave Share (Self-Removal)
Leave a share. Auth required. Owners cannot leave; must transfer ownership first. Works on archived/expired shares.
Member Details
Get detailed membership info for a specific user. Auth required.
Rate Limits: 200/3s, 500/10s, 750/60s, 1000/hour, 2500/day.
Response
{
"result": "yes",
"response": {
"user": {
"id": "98765432109876543210",
"account_type": "human",
"email_address": "member@example.com",
"first_name": "John",
"last_name": "Doe",
"permissions": "admin",
"invite": null,
"notify": "Notify me in app",
"expires": null
}
},
"current_api_version": "1.0"
}Update Member
Update permissions, notification settings, or expiration. Auth required. Owner/admin only.
Rate Limits: 10/3s, 25/10s, 50/60s, 100/hour, 1000/day.
| Field | Type | Required | Description |
|---|---|---|---|
| permissions | string | No | admin, member, guest, view. Cannot set to owner. |
| notify_options | string | No | Notification preference |
| expires | string | No | Membership expiration datetime. null/"" to clear. |
Transfer Ownership
Transfer share ownership to another member. Auth required. Owner only. Current owner is demoted to admin.
Rate Limits: 10/3s, 25/10s, 50/60s, 100/hour, 1000/day.
List Members
List all members. Auth required.
Rate Limits: 20/3s, 50/10s, 200/60s, 500/hour, 10000/day.
Response
{
"result": "yes",
"response": {
"users": [
{
"id": "11111111111111111111",
"account_type": "human",
"email_address": "owner@example.com",
"first_name": "Jane",
"last_name": "Smith",
"permissions": "owner",
"invite": null,
"notify": "Notify me in app",
"expires": null
}
]
},
"current_api_version": "1.0"
}Join Share
Join a share via self-join or invitation. Auth required.
Rate Limits: 10/3s, 25/10s, 50/60s, 100/hour, 1000/day.
Self-join rules (without invitation key):
| Access Option | Who Can Self-Join |
|---|---|
'Only members of the Share or Workspace' | Members of the share or its parent workspace |
'Members of the Share, Workspace or Org' | Members of the share, parent workspace, or parent org |
| Other values | Self-join blocked; invitation required |
Self-joined members receive member permission with no expiration. Only notify_options is respected from input.
List Invitations
List invitations, optionally filtered by state (pending, accepted, declined). Auth required.
Rate Limits: 10/3s, 25/10s, 50/60s, 100/hour, 1000/day.
Update Invitation
Update an invitation. {invitation_id} can be a numeric ID or an email address. Auth required.
Rate Limits: 10/60s, 20/600s, 30/hour.
| Field | Type | Required | Description |
|---|---|---|---|
| state | string | No | pending, accepted, declined |
| permissions | string | No | Updated permission level: admin, member, guest, view |
| notify_options | string | No | Updated notification preference |
| expires | string | No | Updated membership expiration datetime |
Delete Invitation
Revoke an invitation. {invitation_id} can be a numeric ID or an email address. Auth required.
Rate Limits: 10/60s, 20/600s, 30/hour.
Share Discovery
List All Shares
List all accessible shares (joined, invited, owned). Auth required. Orphaned workspace folder shares are automatically filtered out.
Response Fields
Each share in the shares array includes the same fields as the details endpoint, plus:
| Field | Type | Description |
|---|---|---|
shares[].user_status | string | User's membership status (e.g., joined, invited) |
shares[].folder_node_id | string|null | Backing folder node ID (workspace_folder only) |
shares[].is_orphaned | boolean | Whether backing folder was deleted |
List Available Shares
List shares the user has joined or owns (excludes pending invitations). Auth required. Does not include parent workspace/org information.
Check Share Name Availability
Check if a share custom name is available. Auth required.
Rate Limits: 5/3s, 30/10s, 60/60s, 250/hour, 1000/day (per user).
Status 202 Accepted = name available.
| HTTP Status | Code | Message | Cause |
|---|---|---|---|
| 400 | APP_ERROR_INPUT_INVALID | An invalid share name was supplied. | Fails validation |
| 406 | APP_NOT_ACCEPTABLE | The supplied share name is already in use. | Name already taken |
List Shares in Workspace
List shares belonging to a workspace. Auth required. Paginated with offset-based pagination.
| Query Parameter | Type | Required | Description |
|---|---|---|---|
| limit | integer | No | Number of results to return |
| offset | integer | No | Number of results to skip |
| archived | string | No | Boolean string. Filter by archived state. |
List User's Shares
List all shares accessible to the current user (owned, joined, invited). Auth required. Paginated. Includes parent workspace and org information.
| Query Parameter | Type | Required | Description |
|---|---|---|---|
| limit | integer | No | Number of results to return |
| offset | integer | No | Number of results to skip |
| archived | string | No | Boolean string. Filter by archived state. |
Import Share into Workspace
Import a user-owned share into a workspace. Auth required. Caller must be the share owner with no other co-owners. The share must currently be user-owned (not already in a workspace). Archived shares are automatically unarchived during import.
Error Responses
| HTTP Status | Code | Message | Cause |
|---|---|---|---|
| 400 | APP_ERROR_INPUT_INVALID | This share is not owned by you and cannot be imported. | Share not user-owned |
| 400 | APP_ERROR_INPUT_INVALID | The share has multiple owners... | Multiple co-owners exist |
| 403 | APP_FEATURE_LIMIT | The workspace has reached its share limit. | Share quota exceeded |
| 500 | APP_INTERNAL_ERROR | Failed to import the share to the workspace. | Transaction failure |
Share AI
Shares support AI features when intelligence is enabled.
Auto-Generate OG Image
Generate an Open Graph image for the share. Auth required.
Auto-Generate Title & Description
Generate a title and description for the share based on its contents. Auth required.
AI Chat
Share AI chat follows the same patterns as workspace AI chat. Replace /workspace/{id} with /share/{id} in all chat endpoints. For full AI chat documentation, see AI & Chat reference.
Endpoints
| Method | Endpoint | Description |
|---|---|---|
| POST | /current/share/{share_id}/ai/chat/ | Create chat |
| GET | /current/share/{share_id}/ai/chat/list/ | List chats |
| GET | /current/share/{share_id}/ai/chat/{chat_id}/details/ | Chat details |
| POST | /current/share/{share_id}/ai/chat/{chat_id}/update/ | Update chat |
| DELETE | /current/share/{share_id}/ai/chat/{chat_id}/ | Delete chat |
| POST | /current/share/{share_id}/ai/chat/{chat_id}/message/ | Send message |
| GET | /current/share/{share_id}/ai/chat/{chat_id}/messages/list/ | List messages |
| GET | /current/share/{share_id}/ai/chat/{chat_id}/message/{msg_id}/details/ | Message details |
| GET | /current/share/{share_id}/ai/chat/{chat_id}/message/{msg_id}/read/ | Stream response (SSE) |
| POST | /current/share/{share_id}/ai/chat/{chat_id}/publish/ | Publish chat |
| POST | /current/share/{share_id}/ai/share/ | AI share markdown |
QuickShare (Workspace Feature)
QuickShare creates a temporary public link for a single file. This is a workspace storage feature, not a share management feature, but is related to sharing.
Create QuickShare
Auth required. Single file only (not folders), max 1 GB, default expiration 3 hours, maximum 24 hours. Auto-deleted on expiration.
QuickShare Details (Public)
Returns metadata including file information, creator, expiration, and download limit status. No auth required.
Rate Limits: 3/3s, 15/10s, 20/60s, 50/hour, 200/day (per IP).
Response
{
"result": "yes",
"response": {
"quickshare": {
"id": "aBcDeFgHiJ",
"node": {
"id": "12345678901234567890",
"type": "file",
"name": "presentation.pdf",
"size": 5242880,
"mimetype": "application/pdf",
"mimecategory": "document"
},
"creator_uid": {
"id": "98765432109876543210",
"account_type": "human",
"first_name": "Jane",
"last_name": "Doe"
},
"limit_exceeded": false,
"expires": "2024-01-15 13:30:00",
"created": "2024-01-15 10:30:00"
}
},
"current_api_version": "1.0"
}Download File (Public)
Returns raw binary file content with Content-Type and Content-Disposition headers. No auth required.
Transfer Limits:
- Max total bytes: 10 GB
- Max multiplier: 100x file size
- Once either limit is reached,
limit_exceededis set permanently.
Preview File (Public)
Preview types: binary, thumbnail, image, hls_stream, pdf, spreadsheet, audio, mp4. No auth required.
Preview Limits: Max 20x file size for total preview bytes.
Multi-file previews (e.g., HLS) return a 307 Temporary Redirect to a sub-file endpoint.
QuickShare Error Responses
| HTTP Status | Code | Message | Cause |
|---|---|---|---|
| 400 | APP_ERROR_INPUT_INVALID | Validation error | Invalid opaque ID |
| 404 | APP_ERROR_NOT_FOUND | Quickshare not found. | No such QuickShare |
| 429 | APP_BANDWIDTH_LIMIT | You have exceeded the bandwidth policy for this Quickshare. | Transfer limit reached |
| 403 | APP_DENIED | You have reached the maximum number of previews for this Quickshare. | Preview limit reached |
Share Storage
Share storage follows the same API patterns as workspace storage. See Storage reference for full endpoint documentation.
Replace /workspace/{workspace_id} with /share/{share_id} in all storage paths. Available operations:
addfile— add file from uploadcreatefolder— create folderlist— list folder contents (keyset pagination)details— node detailsupdate— rename, replace contentmove— move within sharecopy— copy within sharetransfer— copy to another storage instancedelete— move to trashpurge— permanently delete from trashrestore— restore from trashrestore-version— restore previous versionversions— list version historyread— download filerequestread— get download tokenzip— download folder as ZIPsearch— keyword searchpreview— file previews (preauthorize, read, token-based read)transform— image transforms (status, request)lock— file locking (acquire, heartbeat, release, status)
Not available in shares: addlink, createnote, updatenote, quickshare, transform/requestread