Fastio API Documentation Put your files to work — workspaces for agentic teams. Answer across your files, automate the busywork, and keep work secure and on the record. Storage is step zero.

Base URL: https://api.fast.io/current/ API Version: 1.0 Doc Version: 2.2 Format: JSON

Fastio provides workspaces for agentic teams — where agents collaborate with other agents and with humans. Upload outputs, create branded portals, ask questions about documents using built-in AI, and hand everything off to a human when the job is done. No infrastructure to manage.

For AI agents: Create an account (optionally with agent=true), choose a paid plan (Starter, Business, or Growth), build workspaces for your team (agents and humans), and query documents with built-in RAG. All paid plans include the AI Agent plan feature for agentic chat, RAG, and intelligence.

For MCP-enabled agents: Connect via the Model Context Protocol to interact with Fastio workspaces, shares, files, and storage directly. Connect to https://mcp.fast.io/mcp (Streamable HTTP) or https://mcp.fast.io/sse (legacy SSE). The server exposes multiple domain-specific tools with action-based routing.

Detailed API References

What Fastio Does

Storage is step zero. Fastio is organized around three things you do with your files — Intelligence, Automation, and Secure collaboration:

PillarWhat It Does
IntelligenceAsk across all your files and get cited answers (RAG chat); turn documents and images into structured data (Metadata Templates / AI extraction); research, analyze, and draft with the built-in agent, Ripley; semantic search by meaning
AutomationDescribe a workflow in plain English and an agent (Ripley or your own, over MCP) runs it on your files — event/schedule triggers, approvals, tasks, and native e-signature, charged a flat credit per completed step
Secure collaborationFiles belong to the project, not the person — org/workspace-owned storage, Send/Receive/Exchange shares and branded portals, granular permissions and scoped agent tokens, an append-only audit log, and a per-workspace dashboard

Building blocks:

CapabilityWhat It Does
WorkspacesShared workspaces for agentic teams with file versioning, search, and AI chat
SharesPurpose-built spaces for agent-human exchange with two storage modes: Portal (independent portal with passwords, expiration, guest access) or Shared Folder (live-synced workspace folder). Three share types: Send, Receive, Exchange
File ShareDurable single-file links with access tiers (anyone-with-link / any-registered / named-people), per-user grants (view / download / edit), optional link password, and external edit / write-back. Replaces the deprecated QuickShare
Built-in AIRAG-powered document Q&A, semantic search, auto-summarization, metadata extraction
File PreviewInline rendering for PDF, images, video, audio, spreadsheets, code — no download needed
Activity TrackingFull audit trail with AI-powered natural language summaries

Plans

New organizations choose one of three paid plans. All three include the content_ai and ai_agent plan features, and signing is universal across every plan.

PlanPriceMonthly creditsStorageSeatsOverage
Solo$29/mo ($290/yr)300,0001 TB1Hard-stop
Business$99/mo ($990/yr)1,200,00010 TB20Metered
Growth$299/mo ($2,990/yr)4,500,00050 TB50 (1/user above 50)Metered

Credits cover: storage (100/GB), bandwidth (212/GB), AI tokens (1/100 tokens), document ingestion (10/page), video ingestion (5/sec), image ingestion (5/image), file conversions (25/each), workflow steps (5/completed step).

A newly created organization must select a paid plan before it can be used; until then it is in an upgrade-only state (the same state as an org that has exhausted its credits) and gated endpoints return HTTP 402.

When credits run out: Solo plans hard-stop on overage until the monthly credit reset; Business and Growth meter overage. Direct the user to upgrade or adjust the plan at https://fast.io or via POST /current/org/{org_id}/billing/.

Profile Hierarchy

User (Type 2) → Organization (Type 3) → Workspace (Type 4) / Share (Type 5)

Users own organizations. An organization is a collector of workspaces — it can represent a company, a business unit, a team, or simply a personal collection. Organizations own workspaces and shares. Users can also directly own shares.

All profile IDs are 19-digit numeric strings (e.g., "2234567890123456789"). The leading digit encodes the profile type — 2 = user, 3 = org, 4 = workspace, 5 = share. Most endpoints also accept a custom name in place of the numeric ID.

Account types: human or agent — visible in all user objects via account_type field.

Authentication

All authenticated endpoints require: Authorization: Bearer {jwt_token}

Four methods:

Choose your access pattern

  1. Human's account — Human creates API key, gives it to you. You operate as them. → Auth reference
  2. Autonomous agent — Create agent account (agent=true), create org, work independently. → Auth reference
  3. Collaboration — Create agent account, human invites you to their org/workspace. → Auth reference
  4. PKCE browser login — Secure, no password sharing, supports SSO. → OAuth reference

Response Envelope

Success (data fields at root level):

{"result": true, ...}

Error:

{
  "result": false,
  "error": {
    "code": 195654,
    "text": "Human-readable message",
    "documentation_url": "https://api.fast.io/llms.txt",
    "resource": "POST /current/user/"
  }
}

Validation error (HTTP 406) with structured per-parameter detail:

{
  "result": false,
  "error": {
    "code": 10022,
    "text": "email: This value should not be blank.",
    "documentation_url": "https://api.fast.io/llms.txt",
    "resource": "POST /current/user/email/",
    "params": [
      {
        "name": "email",
        "kind": "missing",
        "message": "This value should not be blank.",
        "code": 10022
      }
    ]
  }
}

OAuth (/current/oauth/token/, /current/oauth/revoke/, /current/oauth/register/) and the cloud-storage / billing webhook receivers retain RFC-compliant bare-JSON error envelopes (RFC 6749 §5.2 / RFC 7591). The params field is not emitted by those endpoints.

OPTIONS Introspection

OPTIONS introspection is currently supported on roughly 40% of public endpoints. Supported endpoints respond with a JSON description of their accepted parameters — source (query / body / path / header), required vs optional flag, expected type, and a summary of declared constraints (length bounds, choice set, range, equality). Use this to fetch parameter requirements before issuing a call rather than learning them from a validation-error round trip.

curl -X OPTIONS "https://api.fast.io/current/{endpoint}/" -H "Authorization: Bearer {jwt_token}"

Unsupported endpoints (OAuth, webhook receivers, and a substantial set of legacy endpoints not yet migrated) return 405 Method Not Allowed for OPTIONS. Coverage is being expanded incrementally — check via OPTIONS first; fall back to the documented schema when you receive a 405.

Error Codes

Client Errors

CodeDescriptionHTTP Status
1605Invalid Input406 Not Acceptable
1607Duplicate Entry406 Not Acceptable
1650Authentication Invalid401 Unauthorized
1651Invalid Request Type405 Method Not Allowed
1609Not Found404 Not Found
1652Resource Not Found404 Not Found
1653User Not Found404 Not Found
1656Limit Exceeded413 Payload Too Large
1667Max Limit429 Too Many Requests
1685Feature Limit412 Precondition Failed
1658Not Acceptable406 Not Acceptable
1660Conflict409 Conflict
1669Already Exists409 Conflict
1670Restricted406 Not Acceptable
1680Access Denied401 Unauthorized
1671Rate Limited429 Too Many Requests
1677Locked423 Locked

Billing & Credit Errors

CodeDescriptionHTTP StatusDetails
1688Subscription Required402 Payment RequiredOrganization does not have an active subscription or has exhausted its monthly credit allowance. Upgrade the plan or wait for the monthly credit reset.
1695Upgrade Required402 Payment RequiredRequested feature requires a higher-tier plan.
1696Credit Limit Exceeded402 Payment RequiredMonthly credit allowance exceeded. Error message includes credits used and credit limit.

Server Errors

CodeDescriptionHTTP Status
1654Internal Error500
1664Datastore Error500
1686Not Implemented501

Retired Per-Field Codes

As of 2026-05-05, error codes 136957, 249170, 279705, 295625 are retired. The equivalent field-level failures now surface inside error.params[] with kind: 'invalid' (and a per-field code and message describing the specific violation). Clients that previously switched on those exact integers should switch on params[].name + params[].kind instead.

Rate Limiting

Headers: x-ve-limit-avail (requests remaining), x-ve-limit-max (window cap), x-ve-limit-expires (Unix-time the window resets).

When exceeded: HTTP 429 with error code 1671 (Rate Limited). Back off until x-ve-limit-expires.

Pagination

Offset Pagination (List Endpoints)

Most list endpoints support offset-based pagination:

Keyset Pagination (Storage + Workflow Run List)

Two list endpoints support cursor-based (keyset) pagination. Storage listing always uses the cursor path; the workflow run list uses it opt-in — activate by passing any of page_size, cursor, or bucket (a bare request or limit/offset returns the legacy offset shape). A page may contain fewer than page_size items even when has_more is true — rely on has_more / next_cursor, not page fullness, to decide whether to continue.

Storage listing (GET /current/workspace/{id}/storage/):

Workflow run list (GET /current/workspace/{id}/workflows/):

Compact Responses (output=)

Most list and detail endpoints accept an optional output query parameter that selects a response shape tuned to how much detail the caller actually needs. This is useful for agents and clients that want to minimize payload size and token usage.

Per-category field lists for terse and standard are documented in the relevant category reference (storage, events, orgs, workspaces, shares, auth/users).

ID Formats

Custom names as identifiers

Profile TypeCustom Name
WorkspaceFolder name (e.g., my-project)
ShareURL name (e.g., q4-financials)
OrganizationDomain name (e.g., acme)
UserEmail address (e.g., user@example.com)

Field Constraints

Profile fields (org, workspace, share) have validation rules enforced server-side.

EntityFieldAPI KeyMinMaxRegexRequired
Orgdomaindomain263^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$Yes (create)
Orgnamename3100No control charsYes
Orgdescriptiondescription101000No control charsNo
Workspacefolder_namefolder_name480^[\p{L}\p{N}-]+$Yes (create)
Workspacenamename2100No control charsYes
Workspacedescriptiondescription101000No control charsNo
Sharecustom_namecustom_name480^[\p{L}\p{N}\-_]+$No (auto-generated when omitted)
Sharecustom_urlcustom_url10100Yes
Sharetitletitle280No control charsYes
Sharedescriptiondescription10500No control charsNo

Agent Workflows

Upload Files

Small files (< 4MB): single-request upload. Large files: chunked upload with parallel chunks.

→ Full details: Upload reference

Query Documents with AI

Create chats with chat (general) or chat_with_files (RAG with citations). Stream responses via SSE.

→ Full details: AI reference

Share Files with Humans

Create Send/Receive/Exchange shares with Portal or Shared Folder storage modes.

→ Full details: Shares reference

Monitor Usage

→ Full details: Events reference

Activity Polling

Long-poll for changes instead of looping on individual endpoints:

GET /current/activity/poll/{entityId}?wait=95&lastactivity={timestamp}

→ Full details: Events reference

Endpoint Summary

System

MethodEndpointDescription
GET/current/ping/Health check (no auth)
GET/current/system/status/System status (no auth)
GET/current/llms/This reference file (no auth)
GET/current/agents/Agent integration guide (no auth)
GET/.well-known/oauth-authorization-server/OAuth server metadata (no auth)
GET/.well-known/oauth-protected-resource/OAuth resource metadata (no auth)

Category References

CategoryPageWhat It Covers
Auth & Usersauth.htmlAuthentication methods, user CRUD, getting started patterns
OAuth 2.0oauth.htmlPKCE flow, token exchange, session management, DCR, resource indicators
Organizationsorgs.htmlOrg CRUD, members, billing, discovery
Workspacesworkspaces.htmlWorkspace CRUD, members, assets, discovery
Storagestorage.htmlFile/folder operations, locking, previews, transforms
Sharesshares.htmlShare types, storage modes, members, branding, quickshare (deprecated — use File Share), File Share
Uploadupload.htmlChunked upload flow, web upload, status polling
AI & Chatai.htmlRAG chat, intelligence, notes, metadata extraction
How-Tohowto.htmlSingle-call natural-language product help (answer or clarifying question)
Events & Activityevents.htmlEvent search, activity polling, WebSocket, realtime
Commentscomments.htmlThreading, mentions, reactions, JSON body format
Workflowworkflow.htmlTask lists, tasks — the fully supported Tasks API
Workflow Orchestrationworkflows.htmlDurable runtime, obligations, triggers, signed audit, inbound/outbound webhooks
Signing / E-Signaturesigning.htmlSignEnvelopes, recipients, fields, signer OTP/consent, audit certificate, PAdES-LT signing
Dashboarddashboard.htmlPer-workspace actionable card feed with optional AI overlay

Common Patterns

Additional Resources

↑ Back to top