DRACOON API

Tools (299)

Extracted live via the executor SDK.

• auth.completeOpenIdLogin

  🚧 Deprecated since v4.14.0

  Description:

  This is the second step of the OpenID Connect authentication.
  The user hands over the authorization code and is logged in.

  Precondition:

  Existing user with activated OpenID Connect authentication that is NOT locked.

  Postcondition:

  User is logged in.

  Further Information:

  None.

• auth.initiateOpenIdLogin

  🚧 Deprecated since v4.14.0

  Description:

  This is the first step of the OpenID Connect authentication.
  The user is send to the OpenID Connect identity provider to authenticate himself and retrieve an authorization code.

  Precondition:

  None.

  Postcondition:

  User is redirected to OpenID Connect identity provider to authenticate himself.

  Further Information:

  None.

• auth.login

  🚧 Deprecated since v4.13.0

  Description:

  Authenticates user and provides an authentication token (X-Sds-Auth-Token) that is required for the most operations.

  Precondition:

  Existing user that is NOT locked.

  Postcondition:

  User is logged in.

  Further Information:

  The provided token is valid for two hours, every usage resets this period to two full hours again.
  Logging off invalidates the token.

  Available authentication methods:

  Expand

  Authentication Method (authType)	Description
  basic	Log in with credentials stored in the database Formerly known as sql.
  active_directory	Log in with Active Directory credentials
  radius	Log in with RADIUS username, PIN and token password. Token (request parameter) may be set, otherwise this parameter is ignored. If token is set, password is optional.
  openid	Please use POST /auth/openid/login API to login with OpenID Connect identity

• auth.ping

  Description:

  Test connection to DRACOON Core Service.

  Precondition:

  None.

  Postcondition:

  200 OK with current date string is returned if successful.

  Further Information:

  None.

• auth.recoverUserName

  🚀 Since v4.13.0

  Description:

  Request an email with the user names of all accounts connected to the email.

  Precondition:

  Valid email address.

  Postcondition:

  An email is sent to the provided address, with a list of account user names connected to it.

  Further Information:

  None.

• auth.requestPasswordReset

  Description:

  Request an email with a password reset token for a certain user to reset password.

  Precondition:

  Registered user account.

  Postcondition:

  Provided user receives email with password reset token.

  Further Information:

  None.

• auth.resetPassword

  Description:

  Resets user's password.

  Precondition:

  User received a password reset token.

  Postcondition:

  User's password is reset to the provided password.

  Further Information:

  Forbidden characters in passwords: [&, ', <, >]

• auth.validateResetPasswordToken

  Description:

  Request all information for a password change dialogue e.g. real name of user.

  Precondition:

  User received a password reset token.

  Postcondition:

  Context information is returned.

  Further Information:

  None.

• config.requestAlgorithms

  🚀 Since v4.24.0

  Description:

  Retrieve a list of available algorithms used for encryption.

  Precondition:

  Authenticated user.

  Postcondition:

  List of available algorithms is returned.

  Further Information:

  None.

• config.requestClassificationPoliciesConfigInfo

  🚀 Since v4.30.0

  Description:

  Retrieve a list of classification policies:

  • shareClassificationPolicies

  Precondition:

  Authenticated user.

  Postcondition:

  List of configured classification policies is returned.

  Further Information:

  classificationRequiresSharePassword: When a node has this classification or higher, it cannot be shared without a password. If the node is an encrypted file this policy has no effect. 0 means no password will be enforced.

• config.requestCurrentProductPackages

  🚀 Since v4.38.0

  Description:

  Returns a list of currently enabled product packages.

  Precondition:

  Authenticated user

  Postcondition:

  List of currently enabled Product Packages is returned.

  Further Information:

• config.requestGeneralSettingsInfo

  🚀 Since v4.6.0

  Description:

  Returns a list of configurable general settings.

  Precondition:

  Authenticated user.

  Postcondition:

  List of configurable general settings is returned.

  Further Information:

  None.

  Configurable general settings:

  Expand

  Setting	Description	Value
  sharePasswordSmsEnabled	Determines whether sending of share passwords via SMS is allowed.	true or false
  cryptoEnabled	Determines whether client-side encryption is enabled. Can only be enabled once; disabling is NOT possible.	true or false
  emailNotificationButtonEnabled	Determines whether email notification button is enabled.	true or false
  eulaEnabled	Determines whether EULA is enabled. Each user has to confirm the EULA at first login.	true or false
  useS3Storage	Defines if S3 is used as storage backend. Can only be enabled once; disabling is NOT possible.	true or false
  s3TagsEnabled	Determines whether S3 tags are enabled	true or false
  homeRoomsActive	Determines whether each AD user has a personal home room	true or false
  homeRoomParentId	Defines a node under which all personal home rooms are located. NULL if homeRoomsActive is false	Long
  subscriptionPlan	Subscription Plan. 0 = Pro, 1 = Premium, 2 = Basic	Integer

  Deprecated general settings:

  Expand

  Setting	Description	Value
  mediaServerEnabled	Determines whether media server is enabled. Returns boolean value dependent on conjunction of mediaServerConfigEnabled AND mediaServerEnabled	true or false
  weakPasswordEnabled	Determines whether weak password is allowed. Use GET /system/config/policies/passwords API to get configured password policies.	true or false

• config.requestGuestUsersPoliciesConfigInfo

  🚀 Since v4.40.0

  Description:

  Retrieve a list of guest users policies.

  Precondition:

  Authenticated user.

  Postcondition:

  List of configured guest users policies is returned.

  Further Information:

  None.

• config.requestInfrastructurePropertiesInfo

  🚀 Since v4.6.0

  Description:

  Returns a list of read-only infrastructure properties.

  Precondition:

  Authenticated user.

  Postcondition:

  List of infrastructure properties is returned.

  Further Information:

  Source: core-service.properties

  Read-only infrastructure properties:

  Expand

  Setting	Description	Value
  smsConfigEnabled	Determines whether sending of share passwords via SMS is system-wide enabled.	true or false
  mediaServerConfigEnabled	Determines whether media server is system-wide enabled.	true or false
  s3DefaultRegion	Suggested S3 region	Region name
  s3EnforceDirectUpload	Enforce direct upload to S3	true or false
  isDracoonCloud	Determines if the DRACOON Core is deployed in the cloud environment	true or false
  tenantUuid	Current tenant UUID	UUID

• config.requestNotificationChannelsInfo

  🚀 Since v4.20.0

  Description:

  Retrieve a list of configured notification channels.

  Precondition:

  Authenticated user.

  Postcondition:

  List of notification channels is returned.

  Further Information:

  None.

• config.requestPasswordPoliciesConfigInfo

  🚀 Since v4.14.0

  Description:

  Retrieve a list of configured password policies for all password types:

  • login
  • shares
  • encryption

  Precondition:

  Authenticated user.

  Postcondition:

  List of configured password policies is returned.

  Further Information:

  None.

  Available password policies:

  Expand

  Name	Description	Value	Password Type
  mustContainCharacters	Characters which a password must contain: alpha - at least one alphabetical character (uppercase OR lowercase)a b c d e f g h i j k l m n o p q r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z uppercase - at least one uppercase characterA B C D E F G H I J K L M N O P Q R S T U V W X Y Z lowercase - at least one lowercase charactera b c d e f g h i j k l m n o p q r s t u v w x y z numeric - at least one numeric character0 1 2 3 4 5 6 7 8 9 special - at least one special character (letters and digits excluded)! " # $ % ( ) * + , - . / : ; = ? @ [ \ ] ^ _ { | } ~ none - none of the above	alpha uppercase lowercase numeric special none	login shares encryption
  numberOfCharacteristicsToEnforce	Number of characteristics to enforce. e.g. from ["uppercase", "lowercase", "numeric", "special"] all 4 character sets can be enforced; but also only 2 of them	Integer between 0 and 4	login shares encryption
  minLength	Minimum number of characters a password must contain.	Integer between 1 and 1024	login shares encryption
  rejectDictionaryWords	Determines whether a password must NOT contain word(s) from a dictionary. In core-service.properties a path to directory with dictionary files (*.txt) can be defined cf. policies.passwords.dictionary.directory. If this rule gets enabled policies.passwords.dictionary.directory must be defined and contain dictionary files. Otherwise, the rule will not have any effect on password validation process.	true or false	login shares
  rejectUserInfo	Determines whether a password must NOT contain user info. Affects user's first name, last name, email and user name.	true or false	login shares encryption
  rejectKeyboardPatterns	Determines whether a password must NOT contain keyboard patterns. e.g. qwertz, asdf (min. 4 character pattern)	true or false	login shares encryption
  numberOfArchivedPasswords	Number of passwords to archive. Value 0 means that password history is disabled.	Integer between 0 and 10	login
  passwordExpiration.enabled	Determines whether password expiration is enabled.	true or false	login
  maxPasswordAge	Maximum allowed password age (in days)	positive Integer	login
  userLockout.enabled	Determines whether user lockout is enabled.	true or false	login
  maxNumberOfLoginFailures	Maximum allowed number of failed login attempts.	positive Integer	login
  lockoutPeriod	Amount of minutes a user has to wait to make another login attempt after maxNumberOfLoginFailures has been exceeded.	positive Integer	login

• config.requestProductPackages

  🚀 Since v4.38.0

  Description:

  Returns a list of product packages.

  Precondition:

  Authenticated user

  Postcondition:

  List of Product Packages is returned.

  Further Information:

• config.requestS3TagsInfo

  🚀 Since v4.9.0

  Description:

  Retrieve all configured S3 tags.

  Precondition:

  Authenticated user.

  Postcondition:

  List of configured S3 tags is returned.

  Further Information:

  An empty list is returned if no S3 tags are found / configured.

• config.requestSystemDefaultsInfo

  🚀 Since v4.6.0

  Description:

  Returns a list of configurable system default values.

  Precondition:

  Authenticated user.

  Postcondition:

  List of configurable default settings is returned.

  Further Information:

  None.

  Configurable default values:

  Expand

  Setting	Description	Value
  languageDefault	Defines which language should be default.	ISO 639-1 code
  downloadShareDefaultExpirationPeriod	Default expiration period for Download Shares in days.	Integer between 0 and 9999
  uploadShareDefaultExpirationPeriod	Default expiration period for Upload Shares in days.	Integer between 0 and 9999
  fileDefaultExpirationPeriod	Default expiration period for all uploaded files in days.	Integer between 0 and 9999
  nonmemberViewerDefault	Defines if new users get the role Non Member Viewer by default	true or false

• config.requestSystemSettings

  🚧 Deprecated since v4.6.0

  Description:

  Returns a list of configurable system settings.

  Precondition:

  Right 🔓 read global config required.

  Postcondition:

  List of configurable settings is returned.

  Further Information:

  Check for every settings key new corresponding API and key below.

  If eula_active is true, but NOT accepted yet, or password MUST be changed, only the following two values are returned:

  • allow_system_global_weak_password
  • eula_active

  Configurable settings

  Expand

  Setting	Description	Value
  branding_server_branding_id	The branding UUID, which corresponds to BRANDING-QUALIFIER in the new branding server. cf. GET /system/config/settings/branding BrandingConfig.brandingQualifier	String
  branding_portal_url	Access URL to to the Branding Portal Only visible for Config Manager of Provider Customer. cf. GET /system/config/settings/branding BrandingConfig.brandingProviderUrl	String
  dblog	Write logs to local database. Only visible for Config Manager of Provider Customer. cf. GET /system/config/settings/eventlog EventlogConfig.enabled	true or false
  default_downloadshare_expiration_period	Default expiration period for Download Shares in days cf. GET /system/config/settings/defaults SystemDefaults.downloadShareDefaultExpirationPeriod	Integer between 0 and 9999
  default_file_upload_expiration_date	Default expiration period for all uploaded files in days cf. GET /system/config/settings/defaults SystemDefaults.fileDefaultExpirationPeriod	Integer between 0 and 9999
  default_language	Define which language should be default. cf. GET /system/config/settings/defaults SystemDefaults.languageDefault	cf. GET /public/system/info - SystemInfo.languageDefault
  default_uploadshare_expiration_period	Default expiration period for Upload Shares in days cf. GET /system/config/settings/defaults SystemDefaults.uploadShareDefaultExpirationPeriod	Integer between 0 and 9999
  enable_client_side_crypto	Activation status of client-side encryption Can only be enabled once; disabling is NOT possible. cf. GET /system/config/settings/general GeneralSettings.cryptoEnabled	true or false default: false
  eula_active	Each user has to confirm the EULA at first login. cf. GET /system/config/settings/general GeneralSettings.eulaEnabled	true or false
  eventlog_retention_period	Retention period (in days) of event log entries After that period, all entries are deleted. cf. GET /system/config/settings/eventlog EventlogConfig.retentionPeriod	Integer between 0 and 9999 If set to 0: no logs are deleted Recommended value: 7
  ip_address_logging	Determines whether a user's IP address is logged. Only visible for Config Manager of Provider Customer. cf. GET /system/config/settings/eventlog EventlogConfig.logIpEnabled cf. GET /system/config/settings/syslog SyslogConfig.logIpEnabled	true or false
  mailserver	Email server to send emails. Only visible for Config Manager of Provider Customer. cf. GET /system/config/settings/mail_server MailServerConfig.host	DNS name or IPv4 of an email server
  mailserver_authentication_necessary	Set to true if the email server requires authentication. Only visible for Config Manager of Provider Customer. cf. GET /system/config/settings/mail_server MailServerConfig.authenticationEnabled	true or false
  mailserver_password	Password is no longer returned. Check mailserver_password_set to determine whether password is set.
  mailserver_password_set	Indicates if a password is set for the mailserver (because mailserver_password is always returned empty). Only visible for Config Manager of Provider Customer. cf. GET /system/config/settings/mail_server MailServerConfig.passwordDefined	true or false
  mailserver_port	Email server port Only visible for Config Manager of Provider Customer. cf. GET /system/config/settings/mail_server MailServerConfig.port	Valid port number
  mailserver_username	User ame for email server Only visible for Config Manager of Provider Customer. cf. GET /system/config/settings/mail_server MailServerConfig.username	Username for authentication
  mailserver_use_ssl	Email server requires SSL connection? Only visible for Config Manager of Provider Customer. Requires mailserver_use_starttls to be false cf. GET /system/config/settings/mail_server MailServerConfig.username	true or false
  mailserver_use_starttls	Email server requires StartTLS connection? Only visible for Config Manager of Provider Customer. Requires mailserver_use_ssl to be false cf. GET /system/config/settings/mail_server MailServerConfig.starttlsEnabled	true or false
  syslog	Write logs to a syslog interface. Only visible for Config Manager of Provider Customer. cf. GET /system/config/settings/syslog SyslogConfig.enabled	true or false
  syslog_host	Syslog server (IP or FQDN) Only visible for Config Manager of Provider Customer. cf. GET /system/config/settings/syslog SyslogConfig.host	DNS name or IPv4 of a syslog server
  syslog_port	Syslog server port Only visible for Config Manager of Provider Customer. cf. GET /system/config/settings/syslog SyslogConfig.port	Valid port number
  syslog_protocol	Protocol to connect to syslog server. Only visible for Config Manager of Provider Customer. cf. GET /system/config/settings/syslog SyslogConfig.protocol	TCP or UDP
  enable_email_notification_button	Enable mail notification button. cf. GET /system/config/settings/general GeneralSettings.emailNotificationButtonEnabled	true or false
  allow_share_password_sms	Allow sending of share passwords via SMS. cf. GET /system/config/settings/general GeneralSettings.sharePasswordSmsEnabled	true or false
  globally_allow_share_password_sms	Allow sending of share passwords via SMS system-wide (read-only). cf. GET /system/config/settings/infrastructure InfrastructureProperties.smsConfigEnabled	true or false
  use_s3_storage	Defines if S3 is used as storage backend. Can only be enabled once; disabling is NOT possible. cf. GET /system/config/settings/general GeneralSettings.useS3Storage	true or false
  s3_default_region	Suggested S3 region (read-only) cf. GET /system/config/settings/infrastructure InfrastructureProperties.s3DefaultRegion	Region name

  Deprecated settings

  Expand

  Setting	Description	Value
  allow_system_global_weak_password	Determines whether weak password (cf. Password Policy below) is allowed. cf. GET /system/config/settings/general GeneralSettings.weakPasswordEnabled Use GET /system/config/policies/passwords API to get configured password policies.	true or false
  branding_server_customer	The UUID of the branding server customer, which corresponds to customer key in the branding server.	String
  branding_server_url	Access URL to to the Branding Server. Only visible for Config Manager of Provider Customer.	String
  email_from	Sender of system-generated emails Only visible for Config Manager of Provider Customer. Moved to branding	Valid email address
  email_to_sales	Contact email address for customers to request more user licenses or data volume. Moved to branding	Valid email address
  email_to_support	Support email address for users Moved to branding	Valid email address
  file_size_js	Maximum file size (in bytes) for downloads of encrypted files with JavaScript. Bigger files will require a JavaApplet.	Integer Recommended value: 10485760 (=10MB)
  system_name	System name Moved to branding use product.title	Display name of the DRACOON

• config.updateSystemSettings

  🚧 Deprecated since v4.6.0

  Description:

  Update configurable settings.

  Precondition:

  Right 🔓 change global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  One or more global settings gets changed.

  Further Information:

  This API is deprecated and will be removed in the future.
  Check for every settings key new corresponding API and key below.

  Configurable settings:

  Expand

  Setting	Description	Value
  branding_server_branding_id	The branding UUID, which corresponds to BRANDING-QUALIFIER in the new branding server. cf. PUT /system/config/settings/branding BrandingConfig.brandingQualifier	String
  branding_portal_url	Access URL to to the Branding Portal Only visible for Config Manager of Provider Customer. cf. PUT /system/config/settings/branding BrandingConfig.brandingProviderUrl	String
  dblog	Write logs to local database. Only visible for Config Manager of Provider Customer. cf. PUT /system/config/settings/eventlog EventlogConfig.enabled	true or false
  default_downloadshare_expiration_period	Default expiration period for Download Shares in days cf. PUT /system/config/settings/defaults SystemDefaults.downloadShareDefaultExpirationPeriod	Integer between 0 and 9999 Set 0 to disable.
  default_file_upload_expiration_date	Default expiration period for all uploaded files in days cf. PUT /system/config/settings/defaults SystemDefaults.fileDefaultExpirationPeriod	Integer between 0 and 9999 Set 0 to disable.
  default_language	Define which language should be default. cf. PUT /system/config/settings/defaults SystemDefaults.languageDefault	cf. GET /public/system/info - SystemInfo.languageDefault
  default_uploadshare_expiration_period	Default expiration period for Upload Shares in days cf. PUT /system/config/settings/defaults SystemDefaults.uploadShareDefaultExpirationPeriod	Integer between 0 and 9999 Set 0 to disable.
  enable_client_side_crypto	Activation status of client-side encryption Can only be enabled once; disabling is NOT possible. cf. PUT /system/config/settings/general GeneralSettings.cryptoEnabled	true or false default: false
  eula_active	Each user has to confirm the EULA at first login. cf. PUT /system/config/settings/general GeneralSettings.eulaEnabled	true or false
  eventlog_retention_period	Retention period (in days) of event log entries After that period, all entries are deleted. cf. PUT /system/config/settings/eventlog EventlogConfig.retentionPeriod	Integer between 0 and 9999 If set to 0: no logs are deleted Recommended value: 7
  ip_address_logging	Determines whether a user's IP address is logged. Only visible for Config Manager of Provider Customer. cf. PUT /system/config/settings/eventlog EventlogConfig.logIpEnabled cf. PUT /system/config/settings/syslog SyslogConfig.logIpEnabled	true or false
  mailserver	Email server to send emails. Only visible for Config Manager of Provider Customer. cf. PUT /system/config/settings/mail_server MailServerConfig.host	DNS name or IPv4 of an email server
  mailserver_authentication_necessary	Set to true if the email server requires authentication. Only visible for Config Manager of Provider Customer. cf. PUT /system/config/settings/mail_server MailServerConfig.authenticationEnabled	true or false
  mailserver_password	Password for email server cf. PUT /system/config/settings/mail_server MailServerConfig.password	Password for authentication
  mailserver_port	Email server port Only visible for Config Manager of Provider Customer. cf. PUT /system/config/settings/mail_server MailServerConfig.port	Valid port number
  mailserver_username	Username for email server Only visible for Config Manager of Provider Customer. cf. PUT /system/config/settings/mail_server MailServerConfig.username	Username for authentication
  mailserver_use_ssl	Email server requires SSL connection? Only visible for Config Manager of Provider Customer. Requires mailserver_use_starttls to be false cf. PUT /system/config/settings/mail_server MailServerConfig.username	true or false
  mailserver_use_starttls	Email server requires StartTLS connection? Only visible for Config Manager of Provider Customer. Requires mailserver_use_ssl to be false cf. PUT /system/config/settings/mail_server MailServerConfig.starttlsEnabled	true or false
  syslog	Write logs to a syslog interface. Only visible for Config Manager of Provider Customer. cf. PUT /system/config/settings/syslog SyslogConfig.enabled	true or false
  syslog_host	Syslog server (IP or FQDN) Only visible for Config Manager of Provider Customer. cf. PUT /system/config/settings/syslog SyslogConfig.host	DNS name or IPv4 of a syslog server
  syslog_port	Syslog server port Only visible for Config Manager of Provider Customer. cf. PUT /system/config/settings/syslog SyslogConfig.port	Valid port number
  syslog_protocol	Protocol to connect to syslog server. Only visible for Config Manager of Provider Customer. cf. PUT /system/config/settings/syslog SyslogConfig.protocol	TCP or UDP
  enable_email_notification_button	Enable mail notification button. cf. PUT /system/config/settings/general GeneralSettings.emailNotificationButtonEnabled	true or false
  allow_share_password_sms	Allow sending of share passwords via SMS. cf. PUT /system/config/settings/general GeneralSettings.sharePasswordSmsEnabled	true or false

  Deprecated settings:

  Expand

  Setting	Description	Value
  allow_system_global_weak_password	Determines whether weak password (cf. Password Policy below) is allowed. cf. PUT /system/config/settings/general GeneralSettings.weakPasswordEnabled Use PUT /system/config/policies/passwords API to change configured password policies.	true or false
  branding_server_customer	The UUID of the branding server customer, which corresponds to customer key in the branding server.	String
  branding_server_url	Access URL to to the Branding Server. Only visible for Config Manager of Provider Customer.	String
  email_from	Sender of system-generated emails Only visible for Config Manager of Provider Customer. Moved to branding	Valid email address
  email_to_sales	Contact email address for customers to request more user licenses or data volume. Moved to branding	Valid email address
  email_to_support	Support email address for users Moved to branding	Valid email address
  file_size_js	Maximum file size (in bytes) for downloads of encrypted files with JavaScript. Bigger files will require a JavaApplet.	Integer Recommended value: 10485760 (=10MB)
  system_name	System name Moved to branding use product.title	Display name of the DRACOON

• downloads.downloadAvatar

  🚀 Since v4.11.0

  Description:

  Download avatar for given user ID and UUID.

  Precondition:

  Valid UUID.

  Postcondition:

  Stream is returned.

  Further Information:

  None.

• downloads.downloadFileViaToken

  Description:

  Download a file.

  Precondition:

  Valid download token.

  Postcondition:

  Stream is returned.

  Further Information:

  Range requests are supported.

• downloads.downloadFileViaToken1

  Description:

  Download a file.

  Precondition:

  Valid download token.

  Postcondition:

  Stream is returned.

  Further Information:

  Range requests are supported.

• downloads.downloadZipArchiveViaToken

  Description:

  Download multiple files in a ZIP archive.

  Precondition:

  Valid download token.

  Postcondition:

  Stream is returned.

  Further Information:

  Create a download token with POST /nodes/zip API.

• eventlog.requestAuditNodeInfo

  🚀 Since v4.31.0

  Description:

  Retrieve a list of all nodes of type room under a certain parent.

  Precondition:

  Right 🔓 read audit log required.

  Postcondition:

  List of rooms.

  Further Information:

  For rooms on root level, use parent_id = 0.

  Filtering:

  All filter fields are connected via logical conjunction (AND)
  Filter string syntax: FIELD_NAME:OPERATOR:VALUE[:VALUE...]

  Example

  nodeName:cn:searchString_1|nodeIsEncrypted:eq:true
  Filter by node name containing searchString_1 AND node is encrypted .

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  nodeId	Node ID filter	eq	Node ID equals value.	positive Integer
  nodeName	Node name filter	cn, eq, sw	Node name contains / equals / starts with value.	search String
  nodeIsEncrypted	Encrypted node filter	eq		true or false

  ---

  Sorting:

  Sort string syntax: FIELD_NAME:ORDER
ORDER can be asc or desc.
  Multiple sort fields are supported.

  Example

  nodeName:asc
  Sort by nodeName ascending.

  Sorting options:

  Expand

  FIELD_NAME	Description
  nodeId	Node ID
  nodeName	Node name

• eventlog.requestAuditNodeUserData

  🚧 Deprecated since v4.32.0

  Description:

  Retrieve a list of all nodes of type room, and the room assignment users with permissions.

  Precondition:

  Right 🔓 read audit log required.

  Postcondition:

  List of rooms and their assigned users is returned.

  Further Information:

  Output is limited to 500 entries.
  For more results please use filter criteria and the limit parameter.

  Filtering:

  All filter fields are connected via logical conjunction (AND)
  Except for userName, userFirstName and userLastName - these are connected via logical disjunction (OR)
  Filter string syntax: FIELD_NAME:OPERATOR:VALUE[:VALUE...]

  Example

  userName:cn:searchString_1|userFirstName:cn:searchString_2|nodeId:eq:2
  Filter by user login containing searchString_1 OR first name containing searchString_2 AND node ID equals 2.

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  nodeId	Node ID filter	eq	Node ID equals value.	positive Integer
  nodeName	Node name filter	cn, eq	Node name contains / equals value.	search String
  nodeParentId	Node parent ID filter	eq	Parent ID equals value.	positive Integer Parent ID 0 is the root node.
  userId	User ID filter	eq	User ID equals value.	positive Integer
  userName	Username (login) filter	cn, eq	Username contains / equals value.	search String
  userFirstName	User first name filter	cn, eq	User first name contains / equals value.	search String
  userLastName	User last name filter	cn, eq	User last name contains / equals value.	search String
  permissionsManage	Filter the users that do (not) have manage permissions in this room	eq		true or false
  nodeIsEncrypted	Encrypted node filter	eq		true or false
  nodeHasActivitiesLog	Activities log filter	eq		true or false

  Deprecated filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  nodeHasRecycleBin	Recycle bin filter Filter has no effect!	eq		true or false

  ---

  Sorting:

  Sort string syntax: FIELD_NAME:ORDER
ORDER can be asc or desc.
  Multiple sort fields are supported.

  Example

  nodeName:asc
  Sort by nodeName ascending.

  Sorting options:

  Expand

  FIELD_NAME	Description
  nodeId	Node ID
  nodeName	Node name
  nodeParentId	Node parent ID
  nodeSize	Node size
  nodeQuota	Node quota

• eventlog.requestLogEventsAsJson

  🚀 Since v4.3.0

  Description:

  Retrieve eventlog (audit log) events.

  Precondition:

  Role 👤 Log Auditor required.

  Postcondition:

  List of audit log events is returned.

  Further Information:

  Output is limited to 500 entries.
  For more results please use filter criteria and paging (offset + limit).

  Allowed Accept-Header:

  • Accept: application/json
  • Accept: text/csv

  ---

  Sort string syntax: FIELD_NAME:ORDER
ORDER can be asc or desc.
  Multiple sort fields are supported.

  Example

  time:desc
  Sort by time descending (default sort option).

  Sorting options:

  Expand

  FIELD_NAME	Description
  time	Event timestamp

• eventlog.requestLogOperations

  🚀 Since v4.3.0

  Description:

  Retrieve eventlog (audit log) operation IDs and the associated log operation description.

  Precondition:

  Role 👤 Log Auditor required.

  Postcondition:

  List of available log operations is returned.

  Further Information:

  None.

• groups.addGroupMembers

  Description:

  Add members to a group.

  Precondition:

  Right 🔓 change groups required.

  Postcondition:

  New members are added to the group.

  Further Information:

  Batch function.
  The newly provided members will be added to the existing ones.

• groups.createGroup

  Description:

  Create a new user group.

  Precondition:

  Right 🔓 change groups required.

  Postcondition:

  A new user group is created.

  Further Information:

  • If a group should NOT expire, leave expireAt empty.
  • Group names are limited to 150 characters
  • Forbidden characters in group name: [<, >]
• groups.removeGroup

  Description:

  Delete a user group.

  Precondition:

  Right 🔓 delete groups required.

  Postcondition:

  User group is deleted.

  Further Information:

  None.

• groups.removeGroupMembers

  Description:

  Remove group members.

  Precondition:

  Right 🔓 change groups required.

  Postcondition:

  Provided users are removed from the user group.

  Further Information:

  Batch function.
  The provided users are removed from the user group. Maximum number of users to remove in one request is 200.

• groups.requestGroup

  Description:

  Retrieve detailed information about a user group.

  Precondition:

  Right 🔓 read groups required.

  Postcondition:

  User group is returned.

  Further Information:

  None.

• groups.requestGroupMembers

  Description:

  Retrieve a list of group member users or / and users who can become a member.

  Precondition:

  Right 🔓 read groups required.

  Postcondition:

  List of users is returned.

  Further Information:

  Filtering:

  All filter fields are connected via logical conjunction (AND)
  Filter string syntax: FIELD_NAME:OPERATOR:VALUE

  Example

  isMember:eq:false|user:cn:searchString
  Get all users that are NOT in this group AND whose (firstName OR lastName OR email OR username) is like searchString.

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  user	User filter	cn	User contains value (firstName OR lastName OR email OR username).	search String
  isMember	Filter group members	eq		true false any default: true

  Deprecated filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  displayName	User display name filter (use user filter)	cn	User display name contains value (firstName OR lastName OR email).	search String

• groups.requestGroupRoles

  Description:

  Retrieve a list of all roles granted to a group.

  Precondition:

  Right 🔓 read groups required.

  Postcondition:

  List of granted roles is returned.

  Further Information:

  None.

• groups.requestGroupRooms

  🚧 Deprecated since v4.10.0

  Description:

  Retrieves a list of rooms granted to the group and / or that can be granted.

  Precondition:

  Right 🔓 read groups required.

  Postcondition:

  List of rooms is returned.

  Further Information:

  Filtering:

  All filter fields are connected via logical conjunction (AND)
  Filter string syntax: FIELD_NAME:OPERATOR:VALUE

  Example

  isGranted:eq:false|name:cn:searchString
  Get all rooms where the group is NOT granted AND whose name is like searchString.

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  name	Room name filter	cn	Room name contains value.	search String
  isGranted	Filter rooms which the group is (not) granted	eq		true false any default: true
  effectivePerm	Filter rooms with DIRECT or DIRECT AND EFFECTIVE permissions false: DIRECT permissions true: DIRECT AND EFFECTIVE permissions DIRECT means: e.g. room administrator grants read permissions to group of users directly on desired room. EFFECTIVE means: e.g. group of users gets read permissions on desired room through inheritance.	eq		true or false default: true

• groups.requestGroups

  Description:

  Returns a list of user groups.

  Precondition:

  Right 🔓 read groups required.

  Postcondition:

  List of user groups is returned.

  Further Information:

  Filtering:

  All filter fields are connected via logical conjunction (AND)
  Filter string syntax: FIELD_NAME:OPERATOR:VALUE

  Example

  name:cn:searchString
  Filter by group name containing searchString.

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  name	Group name filter	cn	Group name contains value.	search String
  hasRole	(NEW) Group role filter For more information about roles check GET /roles API	eq	Group role equals value.	CONFIG_MANAGER - Manages global configuration USER_MANAGER - Manages users GROUP_MANAGER - Manages user groups ROOM_MANAGER - Manages top level rooms LOG_AUDITOR - Reads audit logs NONMEMBER_VIEWER - Views users and groups when having room "manage" permission

  ---

  Sorting:

  Sort string syntax: FIELD_NAME:ORDER
ORDER can be asc or desc.
  Multiple sort fields are supported.

  Example

  name:asc|expireAt:desc
  Sort by name ascending AND by expireAt descending.

  Sorting options:

  Expand

  FIELD_NAME	Description
  name	Group name
  createdAt	Creation date
  expireAt	Expiration date
  cntUsers	Amount of users

• groups.requestLastAdminRoomsGroups

  🚀 Since v4.10.0

  Description:

  Retrieve a list of all rooms where the group is defined as last admin group.

  Precondition:

  Right 🔓 change groups required.

  Postcondition:

  List of rooms is returned.

  Further Information:

  An empty list is returned if no rooms were found where the group is defined as last admin group.

• groups.updateGroup

  Description:

  Update user group's metadata .

  Precondition:

  Right 🔓 change groups required.

  Postcondition:

  User group's metadata is changed.

  Further Information:

  • If a group should NOT expire, leave expireAt empty.
  • Group names are limited to 150 characters
  • All characters are allowed.
• internal.internalRequestSubscriptionPlan

  🚀 Since v4.36.0

  Description:

  Get the subscription plan id of the current tenant

  Precondition:

  Valid X-SDS-Service-Token Header

  Postcondition:

  Returns SubscriptionPlanResponse model that includes subscription plan id.

  Further Information:

  None.

• internal.internalSetSubscriptionPlan

  🚀 Since v4.36.0

  Description:

  Change the subscription plan id of the current tenant

  Precondition:

  Valid X-SDS-Service-Token Header

  Postcondition:

  The subscription plan of the current tenant is set to the given value.
  Returns SubscriptionPlanResponse model that includes subscription plan id.

  Further Information:

  None.

• nodes.addFavorite

  Description:

  Marks a node (room, folder or file) as favorite.

  Precondition:

  Authenticated user is allowed to 👁 see the node (i.e. isBrowsable = true).

  Postcondition:

  A node gets marked as favorite.

  Further Information:

  None.

• nodes.addRoomGuestUsers

  Description:

  Add guest users to a room

  Precondition:

  User needs to be a 👤 Room Administrator. To add new members, the user needs the right 🔓 non-members add, which is included in any role. 👤 Guest User Policy needs to be enabled.

  Postcondition:

  New or existing Guest-Users now have guest-permissions for this room

  Further Information:

  Batch function.

• nodes.cancelFileUpload

  Description:

  Cancel a (S3) file upload and destroy the upload channel.

  Precondition:

  An upload channel has been created and user has to be the creator of the upload channel.

  Postcondition:

  The upload channel is removed and all temporary uploaded data is purged.

  Further Information:

  It is recommended to notify the API about cancelled uploads if possible.

• nodes.changePendingAssignments

  Description:

  Handles a list of user-room assignments by groups that have NOT been approved yet
  WAITING or DENIED assignments can be ACCEPTED.

  Precondition:

  None.

  Postcondition:

  User-room assignment is approved and the user gets access to the group.

  Further Information:

  Room administrators should SHOULD handle pending assignments to provide access to rooms for other users.

• nodes.completeFileUpload

  🚧 Deprecated since v4.9.0

  Use uploads API

  Description:

  Finishes an upload and closes the corresponding upload channel.

  Precondition:

  An upload channel has been created and data has been transmitted.

  Postcondition:

  The upload is finished and the temporary file is moved to the productive environment.

  Further Information:

  The provided file name might be changed in accordance with the resolution strategy:

  • autorename: changes the file name and adds a number to avoid conflicts.
  • overwrite: deletes any old file with the same file name.
  • fail: returns an error; in this case, another PUT request with a different file name may be sent.

  Please ensure that all chunks have been transferred correctly before finishing the upload.
  Download share id (if exists) gets changed if:

  • node with the same name exists in the target container
  • resolutionStrategy is overwrite
  • keepShareLinks is true

  Node naming convention:

  • Node (room, folder, file) names are limited to 150 characters.
  • Illegal names:
    'CON', 'PRN', 'AUX', 'NUL', 'COM1', 'COM2', 'COM3', 'COM4', 'COM5', 'COM6', 'COM7', 'COM8', 'COM9', 'LPT1', 'LPT2', 'LPT3', 'LPT4', 'LPT5', 'LPT6', 'LPT7', 'LPT8', 'LPT9', (and any of those with an extension)
  • Illegal characters in names:
    '\\', '<','>', ':', '\"', '|', '?', '*', '/', leading '-', trailing '.'
• nodes.completeS3FileUpload

  🚀 Since v4.15.0

  Description:

  Finishes a S3 file upload and closes the corresponding upload channel.

  Precondition:

  An upload channel has been created, data has been transmitted and user has to be the creator of the upload channel

  Postcondition:

  Upload channel is closed. S3 multipart upload request is completed.

  Further Information:

  Download share id (if exists) gets changed if:

  • node with the same name exists in the target container
  • resolutionStrategy is overwrite
  • keepShareLinks is true
• nodes.configureRoom

  Description:

  Configure a room.

  Precondition:

  User needs to be a 👤 Room Administrator.

  Postcondition:

  Room's configuration is changed.

  Further Information:

  Provided (or default) classification is taken from room when file gets uploaded without any classification.

  To set adminIds or adminGroupIds the inheritPermissions value has to be false. Otherwise use:

  • PUT /nodes/rooms/{room_id}/groups
  • PUT /nodes/rooms/{room_id}/users

  APIs.

• nodes.copyNodes

  Description:

  Copies nodes (folder, file) to another parent.

  Precondition:

  Authenticated user with 🔓 read permissions in the source parent and 🔓 create permissions in the target parent node.

  Postcondition:

  Nodes are copied to target parent.

  Further Information:

  Nodes MUST be in same source parent.
  Rooms CANNOT be copied.

  Download share id (if exists) gets changed if:

  • node with the same name exists in the target container
  • resolutionStrategy is overwrite
  • keepShareLinks is true

  Node naming convention:

  • Node (room, folder, file) names are limited to 150 characters.
  • Illegal names:
    'CON', 'PRN', 'AUX', 'NUL', 'COM1', 'COM2', 'COM3', 'COM4', 'COM5', 'COM6', 'COM7', 'COM8', 'COM9', 'LPT1', 'LPT2', 'LPT3', 'LPT4', 'LPT5', 'LPT6', 'LPT7', 'LPT8', 'LPT9', (and any of those with an extension)
  • Illegal characters in names:
    '\\', '<','>', ':', '\"', '|', '?', '*', '/', leading '-', trailing '.'
• nodes.createAndPreserveRoomRescueKeyPair

  🚀 Since v4.24.0

  Description:

  Create room rescue key pair and preserve copy of old private key.

  Precondition:

  User needs to be a 👤 Room Administrator.

  Postcondition:

  Room rescue key pair is created.
  Copy of old private key is preserved.

  Further Information:

  You can submit your old private key, encrypted with your current password.
  This allows migrating file keys encrypted with your old key pair to the new one.

• nodes.createFileUploadChannel

  Description:

  This endpoint creates a new upload channel which is the first step in any file upload workflow.

  Precondition:

  User has 🔓 create permissions in the parent container (room or folder).

  Postcondition:

  A new upload channel for a file is created.
  Its ID and an upload token are returned.

  Further Information:

  The upload ID is used for uploads with X-Sds-Auth-Token header, the upload token can be used for uploads without authentication header.

  Please provide the size of the intended upload so that the quota can be checked in advanced and no data is transferred unnecessarily.

  Notes are limited to 255 characters.

  Node naming convention:

  • Node (room, folder, file) names are limited to 150 characters.
  • Illegal names:
    'CON', 'PRN', 'AUX', 'NUL', 'COM1', 'COM2', 'COM3', 'COM4', 'COM5', 'COM6', 'COM7', 'COM8', 'COM9', 'LPT1', 'LPT2', 'LPT3', 'LPT4', 'LPT5', 'LPT6', 'LPT7', 'LPT8', 'LPT9', (and any of those with an extension)
  • Illegal characters in names:
    '\\', '<','>', ':', '\"', '|', '?', '*', '/', leading '-', trailing '.'
• nodes.createFolder

  Description:

  Create a new folder.

  Precondition:

  User has 🔓 create permissions in current room.

  Postcondition:

  New folder is created.

  Further Information:

  Folders CANNOT be created on top level (without parent element).
  Notes are limited to 255 characters.

  Node naming convention:

  • Node (room, folder, file) names are limited to 150 characters.
  • Illegal names:
    'CON', 'PRN', 'AUX', 'NUL', 'COM1', 'COM2', 'COM3', 'COM4', 'COM5', 'COM6', 'COM7', 'COM8', 'COM9', 'LPT1', 'LPT2', 'LPT3', 'LPT4', 'LPT5', 'LPT6', 'LPT7', 'LPT8', 'LPT9', (and any of those with an extension)
  • Illegal characters in names:
    '\\', '<','>', ':', '\"', '|', '?', '*', '/', leading '-', trailing '.'
• nodes.createNodeComment

  🚀 Since v4.10.0

  Description:

  Create a comment for a specific node.

  Precondition:

  User has 🔓 read permissions on the node.

  Postcondition:

  Comment is created.

  Further Information:

  Maximum allowed text length: 65535 characters.

• nodes.createRoom

  Description:

  Creates a new room at the provided parent node.
  Creation of top level rooms provided.

  Precondition:

  User has 🔓 manage permissions in the parent room.

  Postcondition:

  A new room is created.

  Further Information:

  Rooms may only have other rooms as parent.
  Rooms on top level do NOT have any parent.
  Rooms may have rooms as children on n hierarchy levels.
  If permission inheritance is disabled, there MUST be at least one admin user / group (with neither the group nor the user having an expiration date).

  Notes are limited to 255 characters.

  Provided (or default) classification is taken from room when file gets uploaded without any classification.

  Node naming convention:

  • Node (room, folder, file) names are limited to 150 characters.
  • Illegal names:
    'CON', 'PRN', 'AUX', 'NUL', 'COM1', 'COM2', 'COM3', 'COM4', 'COM5', 'COM6', 'COM7', 'COM8', 'COM9', 'LPT1', 'LPT2', 'LPT3', 'LPT4', 'LPT5', 'LPT6', 'LPT7', 'LPT8', 'LPT9', (and any of those with an extension)
  • Illegal characters in names:
    '\\', '<','>', ':', '\"', '|', '?', '*', '/', leading '-', trailing '.'
• nodes.downloadZipArchive

  Description:

  Download multiple files in a ZIP archive.

  Precondition:

  User has 🔓 read permissions in auth parent room.

  Postcondition:

  Stream is returned.

  Further Information:

  None.

• nodes.emptyDeletedNodes

  Description:

  Empty a recycle bin.

  Precondition:

  User has 🔓 delete recycle bin permissions in parent room.

  Postcondition:

  All files in the recycle bin are permanently removed.

  Further Information:

  Actually removes the previously deleted files from the system.
  This action is irreversible.

• nodes.encryptRoom

  Description:

  Activates the client-side encryption for a room.

  Precondition:

  User needs to be a 👤 Room Administrator.

  Postcondition:

  Encryption of room is activated.

  Further Information:

  Only empty rooms at the top level may be encrypted.
  This endpoint may also be used to disable encryption of an empty room.

• nodes.generateDownloadUrl

  Description:

  Create a download URL to retrieve a file without X-Sds-Auth-Token Header.

  Precondition:

  User with 🔓 read permissions in parent room.

  Postcondition:

  Download token is generated and returned.

  Further Information:

  The token is necessary to access downloads ressources.

• nodes.generateDownloadUrlForZipArchive

  Description:

  Create a download URL to retrieve several files in one ZIP archive.

  Precondition:

  User has 🔓 read permissions in parent room.

  Postcondition:

  Download URL is generated and returned.

  Further Information:

  The token is necessary to access downloads resources.
  ZIP download is only available for files and folders.

• nodes.generatePresignedUrlsFiles

  🚀 Since v4.15.0

  Description:

  Generate presigned URLs for S3 file upload.

  Precondition:

  An upload channel has been created and user has to be the creator of the upload channel.

  Postcondition:

  List of presigned URLs is returned.

  Further Information:

  The size for each part must be >= 5 MB, except for the last part.
  The part number of the first part in S3 is 1 (not 0).
  Use HTTP method PUT for uploading bytes via presigned URL.

• nodes.handleRoomWebhookAssignments

  🚀 Since v4.19.0

  Description:

  Handle room webhook assignments.

  Precondition:

  User needs to be a 👤 Room Administrator.

  Postcondition:

  List of webhooks is returned.

  Further Information:

  None.

  Available event types:

  Expand

  Name	Description	Scope
  downloadshare.created	Triggered when a new download share is created in affected room	Node Webhook
  downloadshare.deleted	Triggered when a download share is deleted in affected room	Node Webhook
  downloadshare.used	Triggered when a download share is utilized in affected room	Node Webhook
  uploadshare.created	Triggered when a new upload share is created in affected room	Node Webhook
  uploadshare.deleted	Triggered when a upload share is deleted in affected room	Node Webhook
  uploadshare.used	Triggered when a new file is uploaded via the upload share in affected room	Node Webhook
  file.created	Triggered when a new file is uploaded in affected room	Node Webhook
  folder.created	Triggered when a new folder is created in affected room	Node Webhook
  room.created	Triggered when a new room is created (in affected room)	Node Webhook
  file.deleted	Triggered when a file is deleted in affected room	Node Webhook
  folder.deleted	Triggered when a folder is deleted in affected room	Node Webhook
  room.deleted	Triggered when a room is deleted in affected room	Node Webhook

• nodes.moveNodes

  Description:

  Moves nodes (folder, file) to another parent.

  Precondition:

  Authenticated user with 🔓 read and 🔓 delete permissions in the source parent and 🔓 create permissions in the target parent node.

  Postcondition:

  Nodes are moved to target parent.

  Further Information:

  Nodes MUST be in same source parent.
  Rooms CANNOT be moved.

  Download share id (if exists) gets changed if:

  • node with the same name exists in the target container
  • resolutionStrategy is overwrite
  • keepShareLinks is true

  Node naming convention:

  • Node (room, folder, file) names are limited to 150 characters.
  • Illegal names:
    'CON', 'PRN', 'AUX', 'NUL', 'COM1', 'COM2', 'COM3', 'COM4', 'COM5', 'COM6', 'COM7', 'COM8', 'COM9', 'LPT1', 'LPT2', 'LPT3', 'LPT4', 'LPT5', 'LPT6', 'LPT7', 'LPT8', 'LPT9', (and any of those with an extension)
  • Illegal characters in names:
    '\\', '<','>', ':', '\"', '|', '?', '*', '/', leading '-', trailing '.'
• nodes.removeDeletedNodes

  Description:

  Permanently remove a list of nodes from the recycle bin.

  Precondition:

  User has 🔓 delete recycle bin permissions in parent room.

  Postcondition:

  All provided nodes are removed.

  Further Information:

  The removal of deleted nodes from the recycle bin is irreversible.

• nodes.removeFavorite

  Description:

  Unmarks a node (room, folder or file) as favorite.

  Precondition:

  Authenticated user is allowed to 👁 see the node (i.e. isBrowsable = true).

  Postcondition:

  A node gets unmarked as favorite.

  Further Information:

  None.

• nodes.removeNode

  Description:

  Delete node (room, folder or file).

  Precondition:

  Authenticated user with 🔓 delete permissions on supplied nodes (for folders or files) or on superordinated node (for rooms).

  Postcondition:

  Node gets deleted.

  Further Information:

  None.

• nodes.removeNodeComment

  🚀 Since v4.10.0

  Description:

  Delete an existing comment for a specific node.

  Precondition:

  User has 🔓 read permissions on the node and is the creator of the comment OR 👤 Room Administrator in auth parent room.

  Postcondition:

  Comment is deleted.

  Further Information:

  None.

• nodes.removeNodes

  Description:

  Delete nodes (room, folder or file).

  Precondition:

  Authenticated user with 🔓 delete permissions on supplied nodes (for folders or files) or on superordinated node (for rooms).

  Postcondition:

  Nodes are deleted.

  Further Information:

  Nodes MUST be in same parent.

• nodes.removeRoomRescueKeyPair

  🚀 Since v4.24.0

  Description:

  Delete room rescue key pair.

  Precondition:

  Authenticated user.

  Postcondition:

  Key pair is removed (cf. further information below).

  Further Information:

  Please set a new room rescue key pair first and re-encrypt file keys with it.
  If no version is set, deleted key pair with lowest preference value.
  Although, version SHOULD be set.

• nodes.requestDeletedNode

  Description:

  Get metadata of a deleted node.

  Precondition:

  User can access parent room and has 🔓 read recycle bin permissions.

  Postcondition:

  Requested deleted node is returned.

  Further Information:

  None.

• nodes.requestDeletedNodesSummary

  Description:

  Retrieve a list of deleted nodes in a recycle bin.

  Precondition:

  User can access parent room and has 🔓 read recycle bin permissions.

  Postcondition:

  List of deleted nodes is returned.

  Further Information:

  Only room IDs are accepted as parent ID since only rooms may have a recycle bin.

  Filtering:

  All filter fields are connected via logical conjunction (AND)
  Filter string syntax: FIELD_NAME:OPERATOR:VALUE[:VALUE...]

  Example

  type:eq:file:folder|name:cn:searchString_1|parentPath:cn:searchString_2
  Get deleted nodes where type equals (file OR folder) AND deleted node name containing searchString_1 AND deleted node parent path containing searchString 2.

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  type	Node type filter	eq	Node type equals value(s). Multiple values are allowed and will be connected via logical disjunction (OR). e.g. type:eq:folder:file	folder file
  name	Node name filter	cn	Node name contains value.	search String
  parentPath	Parent path filter	cn	Parent path contains value.	search String
  timestampCreation	Creation timestamp filter	ge, le	Creation timestamp is greater / less equals than value. Multiple operator values are allowed and will be connected via logical conjunction (AND). e.g. timestampCreation:ge:2016-12-31| timestampCreation:le:2018-01-01	Date (yyyy-MM-dd)
  timestampModification	Modification timestamp filter	ge, le	Modification timestamp is greater / less equals than value. Multiple operator values are allowed and will be connected via logical conjunction (AND). e.g. timestampModification:ge:2016-12-31T23:00:00.123| timestampModification:le:2018-01-01T11:00:00.540	Date (yyyy-MM-dd)

  ---

  Sorting:

  Sort string syntax: FIELD_NAME:ORDER
ORDER can be asc or desc.
  Multiple sort criteria are possible.
  Fields are connected via logical conjunction AND.
  Nodes are sorted by type first, then by sent sort string.

  Example

  name:desc|timestampCreation:asc
  Sort by name descending AND timestampCreation ascending.

  Sorting options:

  Expand

  FIELD_NAME	Description
  name	Node name
  cntVersions	Number of deleted versions of this file
  firstDeletedAt	First deleted version
  lastDeletedAt	Last deleted version
  parentPath	Parent path of deleted node
  timestampCreation	Creation timestamp
  timestampModification	Modification timestamp

• nodes.requestDeletedNodeVersions

  Description:

  Retrieve all deleted versions of a node.

  Precondition:

  User can access parent room and has 🔓 read recycle bin permissions.

  Postcondition:

  List of deleted versions of a node is returned.

  Further Information:

  The node is identified by three parameters:

  • parent ID
  • name
  • type (file, folder).

  Sort string syntax: FIELD_NAME:ORDER
ORDER can be asc or desc.
  Multiple sort criteria are possible.
  Fields are connected via logical conjunction AND.

  Example

  expireAt:desc|size:asc
  Sort by expireAt descending AND size ascending.

  Sorting options:

  Expand

  FIELD_NAME	Description
  expireAt	Expiration date
  accessedAt	Last access date
  size	Node size
  classification	Classification ID: 1 - public 2 - internal 3 - confidential 4 - strictly confidential
  createdAt	Creation date
  createdBy	Creator first name, last name
  updatedAt	Last modification date
  updatedBy	Last modifier first name, last name
  deletedAt	Deleted date
  deletedBy	Deleter first name, last name

• nodes.requestFileVersionList

  🚀 Since v4.37.0

  Description:

  Request a list of file versions. Both nodes and deleted nodes are included, depending on the user's permissions.

  Precondition:

  User has 🔓 read/read recycle bin permissions in parent room.

  Postcondition:

  List of file versions is returned.

  Further Information:

  Maximum number of file versions is 500. The list is sorted by ID DESC.

• nodes.requestListOfWebhooksForRoom

  🚀 Since v4.19.0

  Description:

  Get a list of webhooks for the room scope with their assignment status.

  Precondition:

  User needs to be a 👤 Room Administrator.

  Postcondition:

  List of webhooks is returned.

  Further Information:

  Filtering:

  All filter fields are connected via logical conjunction (AND)
  Filter string syntax: FIELD_NAME:OPERATOR:VALUE[:VALUE...]

  Example

  isAssigned:eq:true
  Get a list of assigned webhooks to the room.

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  isAssigned	Assigned/unassigned webhooks filter	eq		true or false

• nodes.requestMissingFileKeys

  Description:

  Requests a list of missing file keys that may be generated by the current user.

  Precondition:

  User has a key pair.
  Only returns users that owns one of the following permissions: 🔓 manage, 🔓 read, 🔓 manage download share

  Postcondition:

  None.

  Further Information:

  Clients SHOULD regularly request missing file keys to provide access to files for other users.
  The returned list is ordered by priority (emergency passwords / rescue keys are returned first). There is an enforced limit of 100 items per request. A total value greater than limit signals that there are more entries but does not necessarily reflect the precise number of total items.

• nodes.requestNode

  Description:

  Get node (room, folder or file).

  Precondition:

  User has 🔓 read permissions in auth parent room.

  Postcondition:

  Requested node is returned.

  Further Information:

  None.

• nodes.requestNodeComments

  🚀 Since v4.10.0

  Description:

  Get comments for a specific node.

  Precondition:

  User has 🔓 read permissions on the node.

  Postcondition:

  List with comments (sorted by createdAt timestamp) is returned.

  Further Information:

  An empty list is returned if no comments were found.
  Output is limited to 500 entries.
  For more results please use filter criteria and paging (offset + limit).

• nodes.requestNodeParents

  🚀 Since v4.10.0

  Description:

  Requests a list of node ancestors, sorted from root node to the node's direct parent node.

  Precondition:

  User is allowed to browse through the node tree until the requested node.

  Postcondition:

  List of parent nodes is returned.

  Further Information:

  None.

• nodes.requestNodes

  Description:

  Provides a hierarchical list of file system nodes (rooms, folders or files) of a given parent that are accessible by the current user.

  Precondition:

  Authenticated user.

  Postcondition:

  List of nodes is returned.

  Further Information:

  EncryptionInfo is NOT provided.

  Filtering:

  All filter fields are connected via logical conjunction (AND)
  Filter string syntax: FIELD_NAME:OPERATOR:VALUE[:VALUE...]

  Example

  type:eq:room:folder|perm:eq:read
  Get nodes where type equals (room OR folder) AND user has read permissions.

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  type	Node type filter	eq	Node type equals value. Multiple values are allowed and will be connected via logical disjunction (OR). e.g. type:eq:room:folder	room folder file
  perm	Permission filter	eq	Permission equals value. Multiple values are allowed and will be connected via logical disjunction (OR). e.g. perm:eq:read:create:delete	manage read change create delete manageDownloadShare manageUploadShare canReadRecycleBin canRestoreRecycleBin canDeleteRecycleBin
  childPerm	Same as perm, but less restrictive (applies to child nodes only). Child nodes of the parent node which do not meet the filter condition are NOT returned.	eq	cf. perm	cf. perm
  name	Node name filter	cn, eq	Node name contains / equals value.	search String
  encrypted	Node encryption status filter	eq		true or false
  branchVersion	Node branch version filter	ge, le	Branch version is greater / less equals than value. Multiple operator values are allowed and will be connected via logical conjunction (AND). e.g. branchVersion:ge:1423280937404|branchVersion:le:1523280937404	version number
  timestampCreation	Creation timestamp filter	ge, le	Creation timestamp is greater / less equals than value. Multiple operator values are allowed and will be connected via logical conjunction (AND). e.g. timestampCreation:ge:2016-12-31T23:00:00.123| timestampCreation:le:2018-01-01T11:00:00.540	Date (yyyy-MM-dd)
  timestampModification	Modification timestamp filter	ge, le	Modification timestamp is greater / less equals than value. Multiple operator values are allowed and will be connected via logical conjunction (AND). e.g. timestampModification:ge:2016-12-31T23:00:00.123| timestampModification:le:2018-01-01T11:00:00.540	Date (yyyy-MM-dd)
  referenceId	Reference ID filter	eq	Reference ID equals value.	Integer

  ---

  Sorting:

  Sort string syntax: FIELD_NAME:ORDER
ORDER can be asc or desc.
  Multiple sort criteria are possible.
  Fields are connected via logical conjunction AND.
  Nodes are sorted by type first, then by sent sort string.

  Example

  name:desc|fileType:asc
  Sort by name descending AND fileType ascending.

  Sorting options:

  Expand

  FIELD_NAME	Description
  name	Node name
  createdAt	Creation date
  createdBy	Creator first name, last name
  updatedAt	Last modification date
  updatedBy	Last modifier first name, last name
  fileType	File type (extension)
  classification	Classification ID: 1 - public 2 - internal 3 - confidential 4 - strictly confidential
  size	Node size
  cntDeletedVersions	Number of deleted versions of this file / folder (NOT recursive; for files and folders only)
  timestampCreation	Creation timestamp
  timestampModification	Modification timestamp

  Deprecated sorting options:

  Expand

  FIELD_NAME	Description
  cntChildren	Number of direct children (NOT recursive; for rooms and folders only)

• nodes.requestPendingAssignments

  Description:

  Requests a list of user-room assignments by groups that have NOT been approved yet
  These can have the state:

  • WAITING
  • DENIED
  • ACCEPTED

  ACCEPTED assignments are already removed from the list.

  Precondition:

  None.

  Postcondition:

  List of user-room assignments is returned.

  Further Information:

  Room administrators SHOULD regularly request pending assingments to provide access to rooms for other users.

  Filtering:

  All filter fields are connected via logical conjunction (AND)
  Filter string syntax: FIELD_NAME:OPERATOR:VALUE

  Example

  state:eq:WAITING
  Filter assignments by state WAITING.

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  userId	User ID filter	eq	User ID equals value.	positive Integer
  groupId	Group ID filter	eq	Group ID equals value.	positive Integer
  roomId	Room ID filter	eq	Room ID equals value.	positive Integer
  state	Assignment state	eq	Assignment state equals value.	WAITING or DENIED

  ---

  Sorting:

  Sort string syntax: FIELD_NAME:ORDER
ORDER can be asc or desc.
  Multiple sort criteria are possible.
  Fields are connected via logical conjunction AND.

  Example

  userId:desc|state:asc
  Sort by userId descending AND state ascending.

  Sorting options:

  Expand

  FIELD_NAME	Description
  userId	User ID
  groupId	Group ID
  roomId	Room ID
  state	State

• nodes.requestRoomActivitiesLogAsJson

  🚀 Since v4.3.0

  Description:

  Retrieve syslog (audit log) events related to a room.

  Precondition:

  Requires 🔓 read permissions on that room.

  Postcondition:

  List of events is returned.

  Further Information:

  Output may be limited to a certain number of entries.
  Please use filter criteria and paging.

  Sort string syntax: FIELD_NAME:ORDER
ORDER can be asc or desc.
  Multiple sort fields are supported.

  Example

  time:desc
  Sort by time descending (default sort option).

  Sorting options:

  Expand

  FIELD_NAME	Description
  time	Event timestamp

• nodes.requestRoomGroups

  Description:

  Retrieve a list of groups that are and / or can be granted to the room.

  Precondition:

  Any permissions on target room.

  Postcondition:

  List of groups is returned.

  Further Information:

  Filtering:

  All filter fields are connected via logical conjunction (AND)
  Filter string syntax: FIELD_NAME:OPERATOR:VALUE

  Example

  isGranted:eq:false|name:cn:searchString
  Get all groups that are NOT granted to this room AND whose name is like searchString.

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  name	Group name filter	cn	Group name contains value.	search String
  groupId	Group ID filter	eq	Group ID equals value.	positive Integer
  isGranted	Filter the groups that have (no) access to this room. This filter is only available for room administrators. Other users can only look for groups in their rooms, so this filter is true and CANNOT be overridden.	eq		true false any default: true
  permissionsManage	Filter the groups that do (not) have manage permissions in this room.	eq		true or false
  effectivePerm	Filter groups with DIRECT or DIRECT AND EFFECTIVE permissions false: DIRECT permissions true: DIRECT AND EFFECTIVE permissions DIRECT means: e.g. room administrator grants read permissions to group of users directly on desired room. EFFECTIVE means: e.g. group of users gets read permissions on desired room through inheritance.	eq		true or false default: false

  ---

  Sorting:

  Sort string syntax: FIELD_NAME:ORDER
ORDER can be asc or desc.
  Multiple sort criteria are possible.
  Fields are connected via logical conjunction AND.

  Example

  name:desc
  Sort by name descending.

  Sorting options:

  Expand

  FIELD_NAME	Description
  name	Group name

• nodes.requestRoomPolicies

  🚀 Since v4.32.0

  Description:

  Retrieve the room policies:

  • defaultExpirationPeriod

  Precondition:

  User has 🔓 read permissions in that room.

  Postcondition:

  Room Policies returned.

  Further Information:

  defaultExpirationPeriod: Default policy room expiration period in seconds. All existing and future files in a room will have their expiration date set to this period after their respective upload. Existing files can be set to expire earlier afterwards. 0 means no default expiration policy will be enforced.

• nodes.requestRoomRescueKey

  🚧 Deprecated since v4.24.0

  Description:

  Returns the file key for the room emergency password / rescue key of a certain file (if available).

  Precondition:

  User with 🔓 read permissions in parent room.

  Postcondition:

  File key is returned.

  Further Information:

  None.

• nodes.requestRoomRescueKeyPair

  Description:

  Retrieve the room rescue key pair.

  Precondition:

  User has 🔓 read permissions in that room.

  Postcondition:

  Key pair is returned.

  Further Information:

  None.

• nodes.requestRoomRescueKeyPairs

  🚀 Since v4.24.0

  Description:

  Retrieve all room rescue key pairs to allow migrating room-rescue-key-encrypted file keys.

  Precondition:

  User has 🔓 read permissions in that room.

  Postcondition:

  List of key pairs is returned.

  Further Information:

  In the case of an algorithm migration to a room rescue key pair, one should create the new key pair before deleting the old one. This allows re-encrypting file keys with the new key pair, using the old one.

  This API allows to retrieve both key pairs, in contrast to GET /nodes/rooms/{room_id}/keypair, which only delivers the preferred one.

• nodes.requestRoomS3Tags

  🚀 Since v4.9.0

  Description:

  Retrieve a list of S3 tags assigned to a room.

  Precondition:

  User needs to be a 👤 Room Administrator.

  Postcondition:

  List of assigned S3 tags is returned.

  Further Information:

  None.

• nodes.requestRoomUsers

  Description:

  Retrieve a list of users that are and / or can be granted to the room.

  Precondition:

  Any permissions on target room.

  Postcondition:

  None.

  Further Information:

  List of users is returned.

  Filtering:

  All filter fields are connected via logical conjunction (AND)
  Filter string syntax: FIELD_NAME:OPERATOR:VALUE

  Example

  permissionsManage:eq:true|user:cn:searchString
  Get all users that have manage permissions to this room AND whose (firstName OR lastName OR email OR username) is like searchString.

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  user	User filter	cn	User contains value (firstName OR lastName OR email OR username).	search String
  userId	User ID filter	eq	User ID equals value.	positive Integer
  isGranted	Filter the users that have (no) access to this room. This filter is only available for room administrators. Other users can only look for users in their rooms, so this filter is true and CANNOT be overridden.	eq		true false any default: true
  permissionsManage	Filter the users that do (not) have manage permissions in this room.	eq		true or false
  effectivePerm	Filter users with DIRECT or DIRECT AND EFFECTIVE permissions false: DIRECT permissions true: DIRECT AND EFFECTIVE permissions any: DIRECT AND EFFECTIVE AND OVER GROUP permissions DIRECT means: e.g. room administrator grants read permissions to group of users directly on desired room. EFFECTIVE means: e.g. group of users gets read permissions on desired room through inheritance. OVER GROUP means: e.g. user gets read permissions on desired room through group membership.	eq		true false any default: false
  hasRole	User role filter For more Roles information please call GET /roles API	eq, neq	User role equals value.	CONFIG_MANAGER - Manage global configs USER_MANAGER - Manage Users GROUP_MANAGER - Manage User-Groups ROOM_MANAGER - Manage top level Data Rooms LOG_AUDITOR - Read logs NONMEMBER_VIEWER - View users and groups when having room manage permission USER - Regular User role GUEST_USER - Guest User role

  Deprecated filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  displayName	User display name filter (use user filter)	cn	User display name contains value (firstName OR lastName OR email).	search String

  ---

  Sorting:

  Sort string syntax: FIELD_NAME:ORDER
ORDER can be asc or desc.
  Multiple sort criteria are possible.
  Fields are connected via logical conjunction AND.

  Example

  user:desc
  Sort by user descending.

  Sorting options:

  Expand

  FIELD_NAME	Description
  user	User - sort by firstName, lastName, username, email (in this order)

• nodes.requestSystemRescueKey

  🚧 Deprecated since v4.24.0

  Description:

  Returns the file key for the system emergency password / rescue key of a certain file (if available).

  Precondition:

  User with 🔓 read permissions in parent room.

  Postcondition:

  File key is returned.

  Further Information:

  None.

• nodes.requestUploadStatusFiles

  🚀 Since v4.15.0

  Description:

  Request status of a S3 file upload.

  Precondition:

  An upload channel has been created and user has to be the creator of the upload channel.

  Postcondition:

  Status of S3 multipart upload request is returned.

  Further Information:

  None.

  Possible errors:

  Expand

  Http Status	Error Code	Description
  400 Bad Request	-80000	Mandatory fields cannot be empty
  400 Bad Request	-80001	Invalid positive number
  400 Bad Request	-80002	Invalid number
  400 Bad Request	-40001	(Target) room is not encrypted
  400 Bad Request	-40755	Bad file name
  400 Bad Request	-40763	File key must be set for an upload into encrypted room
  400 Bad Request	-50506	Exceeds the number of files for this Upload Share
  403 Forbidden		Access denied
  404 Not Found	-20501	Upload not found
  404 Not Found	-40000	Container not found
  404 Not Found	-41000	Node not found
  404 Not Found	-70501	User not found
  409 Conflict	-40010	Container cannot be overwritten
  409 Conflict		File cannot be overwritten
  500 Internal Server Error		System Error
  502 Bad Gateway		S3 Error
  502 Insufficient Storage	-50504	Exceeds the quota for this Upload Share
  502 Insufficient Storage	-40200	Exceeds the free node quota in room
  502 Insufficient Storage	-90200	Exceeds the free customer quota
  502 Insufficient Storage	-90201	Exceeds the free customer physical disk space

• nodes.requestUserFileKey

  Description:

  Returns the file key for the current user (if available).

  Precondition:

  User with one of the following permissions in parent room: 🔓 manage, 🔓 read, 🔓 manage download share

  Postcondition:

  File key is returned.

  Further Information:

  The symmetric file key is encrypted with the user's public key.
  File keys are generated with the workflow "Generate file keys" that starts at GET /nodes/missingFileKeys.

• nodes.restoreNodes

  Description:

  Restore a list of deleted nodes.

  Precondition:

  User has 🔓 create permissions in parent room and 🔓 restore recycle bin permissions.

  Postcondition:

  The selected files are moved from the recycle bin to the chosen productive container.

  Further Information:

  If no parent ID is provided, the node is restored to its previous location.
  The default resolution strategy is autorename that adds numbers to the file name until the conflict is solved.
  If an existing file is overwritten, it is moved to the recycle bin instead of the restored one.

  Download share id (if exists) gets changed if:

  • node with the same name exists in the target container
  • resolutionStrategy is overwrite
  • keepShareLinks is true
• nodes.revokeRoomGroups

  Description:

  Revoke granted groups from room.

  Precondition:

  User needs to be a 👤 Room Administrator.

  Postcondition:

  Group's permissions are revoked.

  Further Information:

  Batch function.

• nodes.revokeRoomUsers

  Description:

  Revoke granted users from room.

  Precondition:

  User needs to be a 👤 Room Administrator.

  Postcondition:

  User's permissions are revoked.

  Further Information:

  Batch function.

• nodes.searchNodes

  Description:

  Provides a flat list of file system nodes (rooms, folders or files) of a given parent that are accessible by the current user.

  Precondition:

  Authenticated user is allowed to 👁 see nodes (i.e. isBrowsable = true).

  Postcondition:

  List of nodes is returned.

  Further Information:

  Output is limited to 500 entries.
  For more results please use filter criteria and paging (offset + limit).
  EncryptionInfo is NOT provided.
  Wildcard character is the asterisk character: *

  Filtering:

  All filter fields are connected via logical conjunction (AND)
  Filter string syntax: FIELD_NAME:OPERATOR:VALUE[:VALUE...]

  Example

  type:eq:file|createdAt:ge:2015-01-01
  Get nodes where type equals file AND file creation date is >= 2015-01-01.

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  type	Node type filter	eq	Node type equals value. Multiple values are allowed and will be connected via logical disjunction (OR). e.g. type:eq:room:folder	room folder file
  fileType	File type filter (file extension)	cn, eq	File type contains / equals value.	search String
  classification	Classification filter	eq	Classification equals value.	1 - public 2 - internal 3 - confidential 4 - strictly confidential
  createdBy	Creator login filter	cn, eq	Creator login contains / equals value (firstName OR lastName OR email OR username).	search String
  createdById	Creator ID filter	eq	Creator ID equals value.	positive Integer or -1 for external user
  createdAt	Creation date filter	ge, le	Creation date is greater / less equals than value. Multiple operator values are allowed and will be connected via logical conjunction (AND). e.g. createdAt:ge:2016-12-31|createdAt:le:2018-01-01	Date (yyyy-MM-dd)
  updatedBy	Last modifier login filter	cn, eq	Last modifier login contains / equals value (firstName OR lastName OR email OR username).	search String
  updatedById	Last modifier ID filter	eq	Modifier ID equals value.	positive Integer or -1 for external user
  updatedAt	Last modification date filter	ge, le	Last modification date is greater / less equals than value. Multiple operator values are allowed and will be connected via logical conjunction (AND). e.g. updatedAt:ge:2016-12-31|updatedAt:le:2018-01-01	Date (yyyy-MM-dd)
  expireAt	Expiration date filter	ge, le	Expiration date is greater / less equals than value. Multiple operator values are allowed and will be connected via logical conjunction (AND). e.g. expireAt:ge:2016-12-31|expireAt:le:2018-01-01	Date (yyyy-MM-dd)
  size	Node size filter	ge, le	Node size is greater / less equals than value. Multiple operator values are allowed and will be connected via logical conjunction (AND). e.g. size:ge:5|size:le:10	size in bytes
  isFavorite	Favorite filter	eq		true or false
  branchVersion	Node branch version filter	ge, le	Branch version is greater / less equals than value. Multiple operator values are allowed and will be connected via logical conjunction (AND). e.g. branchVersion:ge:1423280937404|branchVersion:le:1523280937404	version number
  parentPath	Parent path	cn, eq	Parent path contains / equals value.	search String
  timestampCreation	Creation timestamp filter	ge, le	Creation timestamp is greater / less equals than value. Multiple operator values are allowed and will be connected via logical conjunction (AND). e.g. timestampCreation:ge:2016-12-31T23:00:00.123| timestampCreation:le:2018-01-01T11:00:00.540	Date (yyyy-MM-dd)
  timestampModification	Modification timestamp filter	ge, le	Modification timestamp is greater / less equals than value. Multiple operator values are allowed and will be connected via logical conjunction (AND). e.g. timestampModification:ge:2016-12-31T23:00:00.123| timestampModification:le:2018-01-01T11:00:00.540	Date (yyyy-MM-dd)
  referenceId	Reference ID filter	eq	Reference ID equals value.	Integer

  ---

  Sorting:

  Sort string syntax: FIELD_NAME:ORDER
ORDER can be asc or desc.
  Multiple sort criteria are possible.
  Fields are connected via logical conjunction AND.

  Example

  name:desc|size:asc
  Sort by name descending AND size ascending.

  Sorting options:

  Expand

  FIELD_NAME	Description
  name	Node name
  createdAt	Creation date
  createdBy	Creator first name, last name
  updatedAt	Last modification date
  updatedBy	Last modifier first name, last name
  fileType	File type (extension)
  classification	Classification ID: 1 - public 2 - internal 3 - confidential 4 - strictly confidential
  size	Node size
  cntDeletedVersions	Number of deleted versions of this file / folder (NOT recursive; for files and folders only)
  type	Node type (room, folder, file)
  parentPath	Parent path
  timestampCreation	Creation timestamp
  timestampModification	Modification timestamp

  Deprecated sorting options:

  Expand

  FIELD_NAME	Description
  cntChildren	Number of direct children (NOT recursive; for rooms and folders only)

• nodes.setRoomPolicies

  🚀 Since v4.32.0

  Description:

  Retrieve the room policies:

  • defaultExpirationPeriod

  Precondition:

  User needs to be a 👤 Room Administrator.

  Postcondition:

  Room policy is set.

  Further Information:

  defaultExpirationPeriod: Default policy room expiration period in seconds. All existing and future files in a room will have their expiration date set to this period after their respective upload. Existing files can be set to expire earlier afterwards. 0 means no default expiration policy will be enforced. This removes all expiration dates from existing files.

• nodes.setRoomRescueKeyPair

  🚀 Since v4.24.0

  Description:

  Set room rescue key pair.

  Precondition:

  User needs to be a 👤 Room Administrator.

  Postcondition:

  Key pair is set.

  Further Information:

  Room rescue key pair can be used to upgrade algorithm.

• nodes.setRoomS3Tags

  🚀 Since v4.9.0

  Description:

  Set S3 tags to a room.

  Precondition:

  User needs to be a 👤 Room Administrator.

  Postcondition:

  Provided S3 tags are assigned to a room.

  Further Information:

  Every request overrides current S3 tags.
  Mandatory S3 tag IDs MUST be sent.

• nodes.setUserFileKeys

  Description:

  Sets symmetric file keys for several users and files.

  Precondition:

  User has file keys for the files.
  Only settable by users that own one of the following permissions: 🔓 manage, 🔓 read, 🔓 manage download share, 🔓 change config

  Postcondition:

  Stores new file keys for other users.

  Further Information:

  Only users with copies of the file key (encrypted with their public keys) can access a certain file.
  This endpoint is used for the distribution of file keys amongst an authorized user base.
  User can set file key for himself.
  The users who already have a file key are ignored and keep the distributed file key

• nodes.updateFavorites

  🚀 Since v4.25.0

  Description:

  Marks or unmarks a list of nodes (room, folder or file) as favorite.

  Precondition:

  Authenticated user is allowed to 👁 see the node (i.e. isBrowsable = true).

  Postcondition:

  Nodes gets marked as favorite.

  Further Information:

  Maximum number of nodes is 200.

• nodes.updateFile

  Description:

  Updates a list of file’s metadata.

  Precondition:

  User has 🔓 change permissions in parent room.

  Postcondition:

  File's metadata is changed.

• nodes.updateFiles

  🚀 Since v4.25.0

  Description:

  Updates a list of file’s metadata.

  Precondition:

  User has 🔓 change permissions in parent room.

  Postcondition:

  File's metadata is changed.

  Further Information:

  Maximum number of files is 200

• nodes.updateFolder

  Description:

  Updates folder’s metadata.

  Precondition:

  User has 🔓 change permissions in parent room.

  Postcondition:

  Folder's metadata is changed.

  Further Information:

  Notes are limited to 255 characters.

  Node naming convention:

  • Node (room, folder, file) names are limited to 150 characters.
  • Illegal names:
    'CON', 'PRN', 'AUX', 'NUL', 'COM1', 'COM2', 'COM3', 'COM4', 'COM5', 'COM6', 'COM7', 'COM8', 'COM9', 'LPT1', 'LPT2', 'LPT3', 'LPT4', 'LPT5', 'LPT6', 'LPT7', 'LPT8', 'LPT9', (and any of those with an extension)
  • Illegal characters in names:
    '\\', '<','>', ':', '\"', '|', '?', '*', '/', leading '-', trailing '.'
• nodes.updateNodeComment

  🚀 Since v4.10.0

  Description:

  Edit the text of an existing comment for a specific node.

  Precondition:

  User has 🔓 read permissions on the node and is the creator of the comment.

  Postcondition:

  Comments text gets changed.

  Further Information:

  Maximum allowed text length: 65535 characters.

• nodes.updateRoom

  Description:

  Updates room’s metadata.

  Precondition:

  User is a 👤 Room Administrator at superordinated level.

  Postcondition:

  Room's metadata is changed.

  Further Information:

  Notes are limited to 255 characters.

  Node naming convention:

  • Node (room, folder, file) names are limited to 150 characters.
  • Illegal names:
    'CON', 'PRN', 'AUX', 'NUL', 'COM1', 'COM2', 'COM3', 'COM4', 'COM5', 'COM6', 'COM7', 'COM8', 'COM9', 'LPT1', 'LPT2', 'LPT3', 'LPT4', 'LPT5', 'LPT6', 'LPT7', 'LPT8', 'LPT9', (and any of those with an extension)
  • Illegal characters in names:
    '\\', '<','>', ':', '\"', '|', '?', '*', '/', leading '-', trailing '.'
• nodes.updateRoomGroups

  Description:

  All existing group permissions will be overwritten.

  Precondition:

  User needs to be a 👤 Room Administrator. To add new members, the user needs the right 🔓 non-members add, which is included in any role.

  Postcondition:

  Group's permissions are changed.

  Further Information:

  Batch function.

• nodes.updateRoomUsers

  Description:

  All existing user permissions will be overwritten.

  Precondition:

  User needs to be a 👤 Room Administrator. To add new members, the user needs the right 🔓 non-members add, which is included in any role.

  Postcondition:

  User's permissions are changed.

  Further Information:

  Batch function.

• nodes.uploadFileAsMultipart

  🚧 Deprecated since v4.9.0

  Use uploads API

  Description:

  Uploads a file or parts of it in an active upload channel.

  Precondition:

  An upload channel has been created.

  Postcondition:

  A file or parts of it are uploaded to a temporary location.

  Further Information:

  This endpoints supports chunked upload.

  Following Content-Types are supported by this API:

  • multipart/form-data
  • provided Content-Type

  For both file upload types set the correct Content-Type header and body.

  Examples:

  • multipart/form-data

  POST /api/v4/nodes/files/uploads/{upload_id} HTTP/1.1
  Header:...Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW...
  Body:------WebKitFormBoundary7MA4YWxkTrZu0gWContent-Disposition: form-data; name="file"; filename="file.txt"Content-Type: text/plain
  Content of file.txt------WebKitFormBoundary7MA4YWxkTrZu0gW--

  • any other Content-Type

  POST /api/v4/nodes/files/uploads/{upload_id}  HTTP/1.1
  Header:...Content-Type: { ... }...
  Body:raw content

• provisioning.createCustomer

  Description:

  Create a new customer.

  Precondition:

  Authentication with X-Sds-Service-Token required.

  Postcondition:

  A new customer is created.

  Further Information:

  If no company name is set, first letter of the first name separated by dot followed by last name of the first administrator is used (e.g. J.Doe).
  Max quota has to be at least 1 MB (= 1.048.576 B).

  If basic authentication is enabled, the first administrator will get basic authentication by default.
  To create a first administrator without basic authentication it MUST be disabled explicitly.

  Forbidden characters in passwords: [&, ', <, >]

  Authentication Method Options:

  Expand

  Authentication Method	Option Key	Option Value
  basic / sql	username	Unique user identifier
  active_directory	ad_config_id (optional)	Active Directory configuration ID
  	username	Active Directory username according to authentication setting userFilter
  radius	username	RADIUS username
  openid	openid_config_id (optional)	OpenID Connect configuration ID
  	username	OpenID Connect username according to authentication setting mappingClaim

• provisioning.createTenantWebhook

  🚀 Since v4.19.0

  Description:

  Create a new webhook for the tenant scope.

  Precondition:

  Right 🔓 manage webhook required.

  Postcondition:

  Webhook is created for given event types.

  Further Information:

  URL must begin with the HTTPS scheme. Webhook names are limited to 150 characters.

  Available event types:

  Expand

  Name	Description	Scope
  customer.created	Triggered when a new customer is created	Tenant Webhook
  customer.deleted	Triggered when a user is deleted	Tenant Webhook
  webhook.expiring	Triggered 30/20/10/1 days before a webhook expires	Tenant Webhook

• provisioning.removeCustomer

  Description:

  Delete a customer.

  Precondition:

  Authentication with X-Sds-Service-Token required.

  Postcondition:

  Customer is deleted.

  Further Information:

  None.

• provisioning.removeCustomerAttribute

  🚀 Since v4.4.0

  Description:

  Delete a custom customer attribute.

  Precondition:

  Right 🔓 change global config required.

  Postcondition:

  Custom customer attribute gets deleted.

  Further Information:

  • Allowed characters for keys are: [a-zA-Z0-9_-]
  • Characters are case-insensitive.
• provisioning.removeTenantWebhook

  🚀 Since v4.19.0

  Description:

  Delete a webhook for the tenant scope.

  Precondition:

  Right 🔓 manage webhook required.

  Postcondition:

  Webhook is deleted.

  Further Information:

  None.

• provisioning.requestCustomer

  Description:

  Receive details of a selected customer.

  Precondition:

  Authentication with X-Sds-Service-Token required.

  Postcondition:

  Customer details are returned.

  Further Information:

  None.

• provisioning.requestCustomerAttributes

  🚀 Since v4.4.0

  Description:

  Retrieve a list of customer attributes.

  Precondition:

  Authentication with X-Sds-Service-Token required.
  Right 🔓 read all customers required.

  Postcondition:

  List of attributes is returned.

  Further Information:

  Filtering:

  Filters are case insensitive.
  All filter fields are connected via logical conjunction (AND)
  Filter string syntax: FIELD_NAME:OPERATOR:VALUE[:VALUE...]

  Example

  key:cn:searchString_1|value:cn:searchString_2
  Filter by attribute key contains searchString_1 AND attribute value contains searchString_2.

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  key	Customer attribute key filter	cn, eq, sw	Attribute key contains / equals / starts with value.	search String
  value	Customer attribute value filter	cn, eq, sw	Attribute value contains / equals / starts with value.	search String

  ---

  Sorting:

  Sort string syntax: FIELD_NAME:ORDER
ORDER can be asc or desc.
  Multiple sort fields are supported.

  Example

  key:asc|value:desc
  Sort by key ascending AND by value descending.

  Sorting options:

  Expand

  FIELD_NAME	Description
  key	Customer attribute key
  value	Customer attribute value

• provisioning.requestCustomers

  Description:

  Receive a list of customers.

  Precondition:

  Authentication with X-Sds-Service-Token required.

  Postcondition:

  List of customers is returned.

  Further Information:

  This list returns a maximum of 1000 entries.

  Filtering:

  All filter fields are connected via logical conjunction (AND)
  Filter string syntax: FIELD_NAME:OPERATOR:VALUE[:VALUE...]

  Example

  trialDaysLeft:le:10|userMax:le:100
  Get all customers with 10 trial days left AND user maximum <= 100.

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  id	Customer ID filter	eq	Customer ID equals value.	positive Integer
  companyName	Company name filter	cn	Company name contains value.	search String
  customerContractType	Customer contract type filter	eq	Customer contract type equals value.	demo free pay
  trialDaysLeft	Left trial days filter	ge, le	Left trial days are greater / less equals than value. Multiple operator values are allowed and will be connected via logical conjunction (AND). e.g. trialDaysLeft:ge:5|trialDaysLeft:le:10
  providerCustomerId	Provider Customer ID filter	cn, eq	Provider Customer ID contains / equals value.	search String
  quotaMax	Maximum quota filter	ge, le	Maximum quota is greater / less equals than value. Multiple operator values are allowed and will be connected via logical conjunction (AND). e.g. quotaMax:ge:1024|quotaMax:le:1073741824	positive Integer
  quotaUsed	Used quota filter	ge, le	Used quota is greater / less equals than value. Multiple operator values are allowed and will be connected via logical conjunction (AND). e.g. quotaUsed:ge:1024|quotaUsed:le:1073741824	positive Integer
  userMax	User maximum filter	ge, le	User maxiumum is greater / less equals than value. Multiple operator values are allowed and will be connected via logical conjunction (AND). e.g. userMax:ge:10|userMax:le:100	positive Integer
  userUsed	Number of registered users filter	ge, le	Number of registered users is is greater / less equals than value. Multiple operator values are allowed and will be connected via logical conjunction (AND). e.g. userUsed:ge:10|userUsed:le:100	positive Integer
  isLocked	Lock status filter	eq		true or false
  createdAt	Creation date filter	ge, le	Creation date is greater / less equals than value. Multiple operator values are allowed and will be connected via logical conjunction (AND). e.g. createdAt:ge:2016-12-31|createdAt:le:2018-01-01	Date (yyyy-MM-dd)
  updatedAt	Last modification date filter	ge, le	Last modification date is greater / less equals than value. Multiple operator values are allowed and will be connected via logical conjunction (AND). e.g. updatedAt:ge:2016-12-31|updatedAt:le:2018-01-01	Date (yyyy-MM-dd)
  lastLoginAt	Last login date filter	ge, le	Last login date is greater / less equals than value. Multiple operator values are allowed and will be connected via logical conjunction (AND). e.g. lastLoginAt:ge:2016-12-31|lastLoginAt:le:2018-01-01	Date (yyyy-MM-dd)
  userLogin	User login filter	eq	User login name equals value. Search user all logins e.g. basic, active_directory, radius.	search String
  attributeKey	Customer attribute key filter	eq, nex	Customer attribute key equals value / Customer attribute does NOT exist at customer	search String
  attributeValue	Customer attribute value filter	eq	Customer attribute value equals value.	search String

  Deprecated filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  activationCode	Activation code filter	cn, eq	Activation code contains / equals value.	search String
  lockStatus	Lock status filter	eq		0 - unlocked 1 - locked

  ---

  Sorting:

  Sort string syntax: FIELD_NAME:ORDER
ORDER can be asc or desc.
  Multiple sort criteria are possible.
  Fields are connected via logical conjunction AND.

  Example

  companyName:desc|userUsed:asc
  Sort by companyName descending AND userUsed ascending.

  Sorting options:

  Expand

  FIELD_NAME	Description
  companyName	Company name
  customerContractType	Customer contract type
  trialDaysLeft	Number of remaining trial days (demo customers)
  providerCustomerId	Provider Customer ID
  quotaMax	Maximum quota
  quotaUsed	Currently used quota
  userMax	Maximum user number
  userUsed	Number of registered users
  isLocked	Lock status of customer
  createdAt	Creation date
  updatedAt	Last modification date
  lastLoginAt	Last login date of any user of this customer

  Deprecated sorting options:

  Expand

  FIELD_NAME	Description
  lockStatus	Lock status of customer

• provisioning.requestCustomerUsers

  Description:

  Receive a list of users associated with a certain customer.

  Precondition:

  Authentication with X-Sds-Service-Token required.

  Postcondition:

  List of customer users is returned.

  Further Information:

  Filtering:

  All filter fields are connected via logical conjunction (AND)
  Except for login, firstName and lastName - these are connected via logical disjunction (OR)
  Filter string syntax: FIELD_NAME:OPERATOR:VALUE[:VALUE...]

  Example

  login:cn:searchString_1|firstName:cn:searchString_2|lockStatus:eq:2
  Filter users by login contains searchString_1 OR firstName contains searchString_2 AND those who are NOT locked.

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  email	Email filter	eq, cn	Email contains value.	search String
  userName	User name filter	eq, cn	UserName contains value.	search String
  firstName	User first name filter	cn	User first name contains value.	search String
  lastName	User last name filter	cn	User last name contains value.	search String
  isLocked	User lock status filter	eq		true or false
  effectiveRoles	Filter users with DIRECT or DIRECT AND EFFECTIVE roles false: DIRECT roles true: DIRECT AND EFFECTIVE roles DIRECT means: e.g. user gets role directly granted from someone with grant permission right. EFFECTIVE means: e.g. user gets role through group membership.	eq		true or false default: false
  createdAt	Creation date filter	ge, le	Creation date is greater / less equals than value. Multiple operator values are allowed and will be connected via logical conjunction (AND). e.g. createdAt:ge:2016-12-31|createdAt:le:2018-01-01	Date (yyyy-MM-dd)
  phone	Phone filter	eq	Phone equals value.	search String
  isEncryptionEnabled	Encryption status filter client-side encryption private key possession	eq		true or false
  hasRole	(NEW) User role filter Depends on effectiveRoles. For more information about roles check GET /roles API	eq, neq	User role equals value.	CONFIG_MANAGER - Manages global configuration USER_MANAGER - Manages users GROUP_MANAGER - Manages user groups ROOM_MANAGER - Manages top level rooms LOG_AUDITOR - Reads audit logs NONMEMBER_VIEWER - Views users and groups when having room "manage" permission USER - Regular User role GUEST_USER - Guest User role

  Deprecated filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  lockStatus	User lock status filter	eq	User lock status equals value.	0 - Locked 1 - Web access allowed 2 - Web and mobile access allowed
  login	User login filter	cn	User login contains value.	search String

  ---

  Sorting:

  Sort string syntax: FIELD_NAME:ORDER
ORDER can be asc or desc.
  Multiple sort fields are supported.

  Example

  firstName:asc|lastLoginSuccessAt:desc
  Sort by firstName ascending AND by lastLoginSuccessAt descending.

  Sorting options:

  Expand

  FIELD_NAME	Description
  userName	User name
  email	User email
  firstName	User first name
  lastName	User last name
  isLocked	User lock status
  lastLoginSuccessAt	Last successful login date
  expireAt	Expiration date
  createdAt	Creation date

  Deprecated sorting options:

  Expand

  FIELD_NAME	Description
  gender	Gender
  lockStatus	User lock status
  login	User login

• provisioning.requestListOfEventTypesForTenant

  🚀 Since v4.19.0

  Description:

  Get a list of available event types.

  Precondition:

  Right 🔓 manage webhook required.

  Postcondition:

  List of available event types is returned.

  Further Information:

  None.

• provisioning.requestListOfTenantWebhooks

  🚀 Since v4.19.0

  Description:

  Get a list of webhooks for the tenant scope.

  Precondition:

  Right 🔓 manage webhook required.

  Postcondition:

  List of webhooks is returned.

  Further Information:

  Output is limited to 500 entries.
  For more results please use filter criteria and paging (offset + limit).
  EncryptionInfo is NOT provided.
  Wildcard character is the asterisk character: *

  Filtering:

  All filter fields are connected via logical conjunction (AND)
  Filter string syntax: FIELD_NAME:OPERATOR:VALUE[:VALUE...]

  Example

  name:cn:goo|createdAt:ge:2015-01-01
  Get webhooks where name contains goo AND webhook creation date is >= 2015-01-01.

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  id	Webhook id filter	eq	Webhook id equals value. Multiple values are allowed and will be connected via logical disjunction (OR).	positive number
  name	Webhook type name	cn, eq	Webhook name contains / equals value.	search String
  isEnabled	Webhook isEnabled filter	eq		true or false
  createdAt	Creation date filter	ge, le	Creation date is greater / less equals than value. Multiple operator values are allowed and will be connected via logical conjunction (AND). e.g. createdAt:ge:2016-12-31|createdAt:le:2018-01-01	Date (yyyy-MM-dd)
  updatedAt	Last modification date filter	ge, le	Last modification date is greater / less equals than value. Multiple operator values are allowed and will be connected via logical conjunction (AND). e.g. updatedAt:ge:2016-12-31|updatedAt:le:2018-01-01	Date (yyyy-MM-dd)
  expiration	Expiration date filter	ge, le, eq	Expiration date is greater / less equals than value. Multiple operator values are allowed and will be connected via logical conjunction (AND). e.g. expiration:ge:2016-12-31|expiration:le:2018-01-01	Date (yyyy-MM-dd)
  lastFailStatus	Failure status filter	eq	Last HTTP status code. Set when a webhook is auto-disabled due to repeated delivery failures	positive number

  ---

  Sorting:

  Sort string syntax: FIELD_NAME:ORDER
ORDER can be asc or desc.
  Multiple sort criteria are possible.
  Fields are connected via logical conjunction AND.

  Example

  name:desc|isEnabled:asc
  Sort by name descending and isEnabled ascending.

  Sorting options:

  Expand

  FIELD_NAME	Description
  id	Webhook id
  name	Webhook name
  isEnabled	Webhook isEnabled
  createdAt	Creation date
  updatedAt	Last modification date
  expiration	Expiration date

• provisioning.requestTenantWebhook

  🚀 Since v4.19.0

  Description:

  Get a specific webhook for the tenant scope.

  Precondition:

  Right 🔓 manage webhook required.

  Postcondition:

  Webhook is returned.

  Further Information:

  None.

• provisioning.resetTenantWebhookLifetime

  🚀 Since v4.19.0

  Description:

  Reset the lifetime of a webhook for the tenant scope.

  Precondition:

  Right 🔓 manage webhook required.

  Postcondition:

  Lifetime of the webhook is reset.

  Further Information:

  None.

• provisioning.setCustomerAttributes

  🚧 Deprecated since v4.28.0

  Description:

  Set custom customer attributes.

  Precondition:

  Right 🔓 change global config required.

  Postcondition:

  Custom customer attributes gets set.

  Further Information:

  Batch function.
  All existing customer attributes will be deleted.

  • Allowed characters for keys are: [a-zA-Z0-9_-]
  • Characters are case-insensitive.
• provisioning.updateCustomer

  Description:

  Change selected attributes of a customer.

  Precondition:

  Authentication with X-Sds-Service-Token required.

  Postcondition:

  Selected attributes of customer are updated.

  Further Information:

  None.

• provisioning.updateCustomerAttributes

  🚀 Since v4.4.0

  Description:

  Add or edit custom customer attributes.
  
  🚧 Warning: Please note that the response with HTTP status code 200 (OK) is deprecated and will be replaced with HTTP status code 204 (No content)!
  

  Precondition:

  Right 🔓 change global config required.

  Postcondition:

  Custom customer attributes get added or edited.

  Further Information:

  Batch function.
  If an entry exists before, it will be overwritten.

  • Allowed characters for keys are: [a-zA-Z0-9_-]
  • Characters are case-insensitive.
• provisioning.updateTenantWebhook

  🚀 Since v4.19.0

  Description:

  Update an existing webhook for the tenant scope.

  Precondition:

  Right 🔓 manage webhook required.

  Postcondition:

  Webhook is updated.

  Further Information:

  URL must begin with the HTTPS scheme. Webhook names are limited to 150 characters.

  Available event types:

  Expand

  Name	Description	Scope
  customer.created	Triggered when a new customer is created	Tenant Webhook
  customer.deleted	Triggered when a user is deleted	Tenant Webhook
  webhook.expiring	Triggered 30/20/10/1 days before a webhook expires	Tenant Webhook

• public.cancelFileUploadViaShare

  Description:

  Abort (chunked) upload via Upload Share.

  Precondition:

  Valid Upload ID.

  Postcondition:

  Aborts upload and invalidates upload ID / token.

  Further Information:

  None.

• public.checkPublicDownloadSharePassword

  🚀 Since v4.36.0

  Description:

  Check password for a public Download Share

  Precondition:

  None.

  Postcondition:

  None.

  Further Information:

  None.

• public.completeFileUploadViaShare

  Description:

  Finalize (chunked) upload via Upload Share.

  Precondition:

  Valid upload ID.
  Only returns users that owns one of the following permissions: 🔓 manage, 🔓 read, 🔓 manage download share, 🔓 manage upload share

  Postcondition:

  Finalizes upload.

  Further Information:

  Chunked uploads (range requests) are supported.

  Please ensure that all chunks have been transferred correctly before finishing the upload.
  If file hash has been created in time a 201 Created will be responded and hash will be part of response, otherwise it will be a 202 Accepted without it.

• public.completeS3FileUploadViaShare

  🚀 Since v4.15.0

  Description:

  Finishes a S3 file upload and closes the corresponding upload channel.

  Precondition:

  Valid upload ID.
  Only returns users that owns one of the following permissions: 🔓 manage, 🔓 read, 🔓 manage download share, 🔓 manage upload share

  Postcondition:

  Upload channel is closed. S3 multipart upload request is completed.

  Further Information:

  None.

• public.createShareUploadChannel

  Description:

  Create a new upload channel.

  Precondition:

  None.

  Postcondition:

  Upload channel is created and corresponding upload URL, token & upload ID are returned.

  Further Information:

  Use uploadUrl the upload token is deprecated.

  Please provide the size of the intended upload so that the quota can be checked in advanced and no data is transferred unnecessarily.

  Node naming convention:

  • Node (room, folder, file) names are limited to 150 characters.
  • Illegal names:
    'CON', 'PRN', 'AUX', 'NUL', 'COM1', 'COM2', 'COM3', 'COM4', 'COM5', 'COM6', 'COM7', 'COM8', 'COM9', 'LPT1', 'LPT2', 'LPT3', 'LPT4', 'LPT5', 'LPT6', 'LPT7', 'LPT8', 'LPT9', (and any of those with an extension)
  • Illegal characters in names:
    '\\', '<','>', ':', '\"', '|', '?', '*', '/', leading '-', trailing '.'
• public.downloadFileViaTokenPublic

  Description:

  Download a file (or zip archive if target is a folder or room).

  Precondition:

  Valid download token.

  Postcondition:

  Stream is returned.

  Further Information:

  Range requests are supported.
  Range requests are illegal for zip archive download.

• public.downloadFileViaTokenPublic1

  Description:

  Download a file (or zip archive if target is a folder or room).

  Precondition:

  Valid download token.

  Postcondition:

  Stream is returned.

  Further Information:

  Range requests are supported.
  Range requests are illegal for zip archive download.

• public.generateDownloadUrlPublic

  Description:

  Generate a download URL to retrieve a shared file.

  Precondition:

  None.

  Postcondition:

  Download URL and token are generated and returned.

  Further Information:

  Use downloadUrl the download token is deprecated.

• public.generatePresignedUrlsPublic

  🚀 Since v4.15.0

  Description:

  Generate presigned URLs for S3 file upload.

  Precondition:

  Valid upload ID

  Postcondition:

  List of presigned URLs is returned.

  Further Information:

  The size for each part must be >= 5 MB, except for the last part.
  The part number of the first part in S3 is 1 (not 0).
  Use HTTP method PUT for uploading bytes via presigned URL.

• public.requestActiveDirectoryAuthInfo

  Description:

  Provides information about Active Directory authentication options.

  Precondition:

  None.

  Postcondition:

  Active Directory authentication options information is returned.

  Further Information:

  None.

• public.requestOpenIdAuthInfo

  Description:

  Provides information about OpenID Connect authentication options.

  Precondition:

  None.

  Postcondition:

  OpenID Connect authentication options information is returned.

  Further Information:

  None.

• public.requestPublicDownloadShareInfo

  Description:

  Retrieve the public information of a Download Share.

  Precondition:

  None.

  Postcondition:

  Download Share information is returned.

  Further Information:

  None.

• public.requestPublicUploadShareInfo

  Description:

  Provides information about the desired Upload Share.

  Precondition:

  Only userUserPublicKeyList is returned to the users who owns one of the following permissions: 🔓 manage, 🔓 read, 🔓 manage download share, 🔓 manage upload share

  Postcondition:

  None.

  Further Information:

  If no password is set, the returned information is reduced to the following attributes (if available):

  • name
  • createdAt
  • isProtected
  • isEncrypted
  • showUploadedFiles
  • userUserPublicKeyList (if parent is end-to-end encrypted)

  Only if the password is transmitted as X-Sds-Share-Password header, all values are returned.

• public.requestSoftwareVersion

  Description:

  Public software version information.

  Precondition:

  None.

  Postcondition:

  Sofware version information is returned.

  Further Information:

  The version of DRACOON Server consists of two components:

  • API
  • Core (referred to as "Server")

  which are versioned individually.

• public.requestSystemInfo

  Description:

  Provides information about system.

  Precondition:

  None.

  Postcondition:

  System information is returned.

  Further Information:

  Authentication methods are sorted by priority attribute.
  Smaller values have higher priority.
  Authentication method with highest priority is considered as default.

  System information:

  Expand

  Setting	Description	Value
  languageDefault	Defines which language should be default.	ISO 639-1 code
  hideLoginInputFields	Defines if login fields should be hidden.	true or false
  s3Hosts	List of available S3 hosts.	String array
  s3EnforceDirectUpload	Determines whether S3 direct upload is enforced or not.	true or false
  useS3Storage	Determines whether S3 Storage enabled and used.	true or false

  Authentication methods:

  Expand

  Authentication Method	Description
  basic	Basic authentication globally allowed. This option MUST be activated to allow users to log in with their credentials stored in the database. Formerly known as sql.
  active_directory	Active Directory authentication globally allowed. This option MUST be activated to allow users to log in with their Active Directory credentials.
  radius	RADIUS authentication globally allowed. This option MUST be activated to allow users to log in with their RADIUS username, their PIN and a token password.
  openid	OpenID Connect authentication globally allowed.This option MUST be activated to allow users to log in with their OpenID Connect identity.
  hideLoginInputFields	Determines whether input fields for login should be enabled

• public.requestSystemTime

  Description:

  Retrieve the actual server time.

  Precondition:

  None.

  Postcondition:

  Server time is returned.

  Further Information:

  None.

• public.requestThirdPartyDependencies

  🚀 Since v4.9.0

  Description:

  Provides information about used third-party software dependencies.

  Precondition:

  None.

  Postcondition:

  List of the third-party software dependencies used by DRACOON Core (referred to as "Server") is returned.

  Further Information:

  None.

• public.requestUploadStatusPublic

  🚀 Since v4.15.0

  Description:

  Request status of a S3 file upload.

  Precondition:

  An upload channel has been created and the user has 🔓 create permissions in the parent container (room or folder).

  Postcondition:

  Status of S3 multipart upload request is returned.

  Further Information:

  None.

  Possible errors:

  Expand

  Http Status	Error Code	Description
  400 Bad Request	-80000	Mandatory fields cannot be empty
  400 Bad Request	-80001	Invalid positive number
  400 Bad Request	-80002	Invalid number
  400 Bad Request	-40001	(Target) room is not encrypted
  400 Bad Request	-40755	Bad file name
  400 Bad Request	-40763	File key must be set for an upload into encrypted room
  400 Bad Request	-50506	Exceeds the number of files for this Upload Share
  403 Forbidden		Access denied
  404 Not Found	-20501	Upload not found
  404 Not Found	-40000	Container not found
  404 Not Found	-41000	Node not found
  404 Not Found	-70501	User not found
  409 Conflict	-40010	Container cannot be overwritten
  409 Conflict		File cannot be overwritten
  500 Internal Server Error		System Error
  502 Bad Gateway		S3 Error
  502 Insufficient Storage	-50504	Exceeds the quota for this Upload Share
  502 Insufficient Storage	-40200	Exceeds the free node quota in room
  502 Insufficient Storage	-90200	Exceeds the free customer quota
  502 Insufficient Storage	-90201	Exceeds the free customer physical disk space

• public.uploadFileAsMultipartPublic1

  Description:

  Chunked upload of files via Upload Share.

  Precondition:

  Valid upload ID.

  Postcondition:

  Chunk of file is uploaded.

  Further Information:

  Chunked uploads (range requests) are supported.

  Following Content-Types are supported by this API:

  • multipart/form-data
  • provided Content-Type

  For both file upload types set the correct Content-Type header and body.

  Examples:

  • multipart/form-data

  POST /api/v4/public/shares/uploads/{access_key}{upload_id} HTTP/1.1
  Header:...Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW...
  Body:------WebKitFormBoundary7MA4YWxkTrZu0gWContent-Disposition: form-data; name="file"; filename="file.txt"Content-Type: text/plain
  Content of file.txt------WebKitFormBoundary7MA4YWxkTrZu0gW--

  • any other Content-Type

  POST /api/v4/public/shares/uploads/{access_key}{upload_id} HTTP/1.1
  Header:...Content-Type: { ... }...
  Body:raw content

• resources.requestSubscriptionScopes

  🚀 Since v4.20.0

  Description:

  Retrieve a list of subscription scopes.

  Precondition:

  Authenticated user.

  Postcondition:

  List of scopes is returned.

  Further Information:

  None.

• resources.requestUserAvatar

  Description:

  Get user avatar.

  Precondition:

  Valid user ID and avatar UUID

  Postcondition:

  Avatar is returned.

  Further Information:

  None.

• roles.addRoleGroups

  Description:

  Assign group(s) to a role.

  Precondition:

  Right 🔓 grant permission on desired role required.

  Postcondition:

  One or more groups will be added to a role.

  Further Information:

  None.

• roles.addRoleUsers

  Description:

  Assign user(s) to a role.

  Precondition:

  Right 🔓 grant permission on desired role required.

  Postcondition:

  One or more users will be added to a role.

  Further Information:

  None.

• roles.requestRoleGroups

  Description:

  Get all groups with a specific role.

  Precondition:

  Right 🔓 read groups required.

  Postcondition:

  List of to the role assigned groups is returned.

  Further Information:

  Filtering:

  All filter fields are connected via logical conjunction (AND)
  Filter string syntax: FIELD_NAME:OPERATOR:VALUE

  Example

  isMember:eq:false|name:cn:searchString
  Get all groups that are NOT a member of that role AND whose name contains searchString.

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  isMember	Filter the groups which are (not) member of that role	eq		true false any default: true
  name	Group name filter	cn	Group name contains value.	search String

• roles.requestRoles

  Description:

  Retrieve a list of all roles with assigned rights.

  Precondition:

  Right 🔓 read users required.

  Postcondition:

  List of roles with assigned rights is returned.

  Further Information:

  None.

• roles.requestRoleUsers

  Description:

  Get all users with a specific role.

  Precondition:

  Right 🔓 read users required.

  Postcondition:

  List of users is returned.

  Further Information:

  Filtering:

  All filter fields are connected via logical conjunction (AND)
  Filter string syntax: FIELD_NAME:OPERATOR:VALUE

  Example

  isMember:eq:false|user:cn:searchString
  Get all users that are NOT member of that role AND whose (firstName OR lastName OR email OR username) is like searchString.

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  user	User filter	cn	User contains value (firstName OR lastName OR email OR username).	search String
  isMember	Filter the users which are (not) member of that role	eq		true false any default: true

  Deprecated filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  displayName	User display name filter (use user filter)	cn	User display name contains value (firstName OR lastName OR email).	search String

• roles.revokeRoleGroups

  Description:

  Revoke granted group(s) from a role.

  Precondition:

  Right 🔓 grant permission on desired role required.
  For each role, at least one non-expiring user MUST remain who may grant the role.

  Postcondition:

  One or more groups will be removed from a role.

  Further Information:

  None.

• roles.revokeRoleUsers

  Description:

  Revoke granted user(s) from a role.

  Precondition:

  Right 🔓 grant permission on desired role required.
  For each role, at least one non-expiring user MUST remain who may grant the role.

  Postcondition:

  One or more users will be removed from a role.

  Further Information:

  None.

• settings.createAndPreserveKeyPair

  🚀 Since v4.24.0

  Description:

  Create system rescue key pair and preserve copy of old private key.

  Precondition:

  • Right 🔓 change config
  • Existence of own key pair

  Postcondition:

  System rescue key pair is created.
  Copy of old private key is preserved.

  Further Information:

  You can submit your old private key, encrypted with your current password.
  This allows migrating file keys encrypted with your old key pair to the new one.

• settings.createWebhook

  🚀 Since v4.19.0

  Description:

  Create a new webhook for the customer scope.

  Precondition:

  Right 🔓 change config required.

  Postcondition:

  Webhook is created for given event types.

  Further Information:

  URL must begin with the HTTPS scheme.
  Webhook names are limited to 150 characters.

  Available event types:

  Expand

  Name	Description	Scope
  user.created	Triggered when a new user is created	Customer Admin Webhook
  user.deleted	Triggered when a user is deleted	Customer Admin Webhook
  user.locked	Triggered when a user gets locked	Customer Admin Webhook
  webhook.expiring	Triggered 30/20/10/1 days before a webhook expires	Customer Admin Webhook
  downloadshare.created	Triggered when a new download share is created in affected room	Node Webhook
  downloadshare.deleted	Triggered when a download share is deleted in affected room	Node Webhook
  downloadshare.used	Triggered when a download share is utilized in affected room	Node Webhook
  uploadshare.created	Triggered when a new upload share is created in affected room	Node Webhook
  uploadshare.deleted	Triggered when a upload share is deleted in affected room	Node Webhook
  uploadshare.used	Triggered when a new file is uploaded via the upload share in affected room	Node Webhook
  file.created	Triggered when a new file is uploaded in affected room	Node Webhook
  folder.created	Triggered when a new folder is created in affected room	Node Webhook
  room.created	Triggered when a new room is created (in affected room)	Node Webhook
  file.deleted	Triggered when a file is deleted in affected room	Node Webhook
  folder.deleted	Triggered when a folder is deleted in affected room	Node Webhook
  room.deleted	Triggered when a room is deleted in affected room	Node Webhook

• settings.removeSystemRescueKeyPair

  🚀 Since v4.24.0

  Description:

  Remove the system rescue key pair.

  Precondition:

  • Right 🔓 change config
  • Existence of own key pair

  Postcondition:

  Key pair is removed (cf. further information below).

  Further Information:

  Please set a new system rescue key pair first and re-encrypt file keys with it.
  If no version is set, deleted key pair with lowest preference value.
  Although, version SHOULD be set.

• settings.removeWebhook

  🚀 Since v4.19.0

  Description:

  Delete a webhook for the customer scope.

  Precondition:

  Right 🔓 change config required.

  Postcondition:

  Webhook is deleted.

  Further Information:

  None.

• settings.requestAllSystemRescueKeyPairs

  🚀 Since v4.24.0

  Description:

  Retrieve all system rescue key pairs to allow migrating system-rescue-key-encrypted file keys.

  Precondition:

  • Right 🔓 change config
  • Existence of own key pair

  Postcondition:

  List of key pairs is returned.

  Further Information:

  In the case of an algorithm migration of a system rescue key, one should create the new key pair before deleting the old one.
  This allows re-encrypting file keys with the new key pair, using the old one.

  This API allows to retrieve both key pairs, in contrast to GET /settings/keypair, which only delivers the preferred one.

• settings.requestListOfEventTypesForConfigManager

  🚀 Since v4.19.0

  Description:

  Get a list of available (for 👤 Config Manager) event types.

  Precondition:

  Right 🔓 change config required.

  Postcondition:

  List of available event types is returned.

  Further Information:

  None.

• settings.requestListOfWebhooks

  🚀 Since v4.19.0

  Description:

  Get a list of webhooks for the customer scope.

  Precondition:

  Right 🔓 change config required.

  Postcondition:

  List of webhooks is returned.

  Filtering:

  All filter fields are connected via logical conjunction (AND)
  Filter string syntax: FIELD_NAME:OPERATOR:VALUE[:VALUE...]

  Example

  name:cn:goo|createdAt:ge:2015-01-01
  Get webhooks where name contains goo AND webhook creation date is >= 2015-01-01.

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  id	Webhook id filter	eq	Webhook id equals value. Multiple values are allowed and will be connected via logical disjunction (OR).	positive number
  name	Webhook type name	cn, eq	Webhook name contains / equals value.	search String
  isEnabled	Webhook isEnabled filter	eq		true or false
  createdAt	Creation date filter	ge, le	Creation date is greater / less equals than value. Multiple operator values are allowed and will be connected via logical conjunction (AND). e.g. createdAt:ge:2016-12-31|createdAt:le:2018-01-01	Date (yyyy-MM-dd)
  updatedAt	Last modification date filter	ge, le	Last modification date is greater / less equals than value. Multiple operator values are allowed and will be connected via logical conjunction (AND). e.g. updatedAt:ge:2016-12-31|updatedAt:le:2018-01-01	Date (yyyy-MM-dd)
  expiration	Expiration date filter	ge, le, eq	Expiration date is greater / less equals than value. Multiple operator values are allowed and will be connected via logical conjunction (AND). e.g. expiration:ge:2016-12-31|expiration:le:2018-01-01	Date (yyyy-MM-dd)
  lastFailStatus	Failure status filter	eq	Last HTTP status code. Set when a webhook is auto-disabled due to repeated delivery failures	positive number

  ---

  Sorting:

  Sort string syntax: FIELD_NAME:ORDER
ORDER can be asc or desc.
  Multiple sort criteria are possible.
  Fields are connected via logical conjunction AND.

  Example

  name:desc|isEnabled:asc
  Sort by name descending and isEnabled ascending.

  Sorting options:

  Expand

  FIELD_NAME	Description
  id	Webhook id
  name	Webhook name
  isEnabled	Webhook isEnabled
  createdAt	Creation date
  updatedAt	Last modification date
  expiration	Expiration date

• settings.requestNotificationChannels

  🚀 Since v4.20.0

  Description:

  Retrieve a list of configured notification channels.

  Precondition:

  Right "change config" required.

  Postcondition:

  List of notification channels is returned.

  Further Information:

  None.

• settings.requestSettings

  Description:

  Retrieve customer related settings.

  Precondition:

  Right 🔓 read config required.

  Postcondition:

  List of available settings is returned.

  Further Information:

  None.

  Configurable customer settings:

  Expand

  Setting	Description	Value
  homeRoomParentName	Name of the container in which all user's home rooms are located. null if homeRoomsActive is false.	String
  homeRoomQuota	Refers to the quota of each single user's home room. 0 represents no quota. null if homeRoomsActive is false.	positive Long
  homeRoomsActive	If set to true, every user with an Active Directory account or OpenID Connect account gets a personal homeroom. Once activated, this CANNOT be deactivated.	true or false

• settings.requestSystemRescueKeyPair

  🚀 Since v4.24.0

  Description:

  Retrieve the system rescue key pair.

  Precondition:

  Right 🔓 change config

  Postcondition:

  Key pair is returned.

  Further Information:

  If more than one key pair exists the one with highest preference value is returned.

• settings.requestWebhook

  🚀 Since v4.19.0

  Description:

  Get a specific webhook for the customer scope.

  Precondition:

  Right 🔓 change config required.

  Postcondition:

  Webhook is returned.

  Further Information:

  None.

• settings.resetWebhookLifetime

  🚀 Since v4.19.0

  Description:

  Reset the lifetime of a webhook for the customer scope.

  Precondition:

  Right 🔓 change config required.

  Postcondition:

  Lifetime of the webhook is reset.

  Further Information:

  None.

• settings.setSettings

  Description:

  Set customer related settings.

  Precondition:

  Right 🔓 change global config and role 👤 Config Manager required.

  Postcondition:

  Provided settings are updated.

  Further Information:

  None.

  Configurable customer settings

  Expand

  Setting	Description	Value
  homeRoomParentName	Name of the container in which all user's home rooms are located. null if homeRoomsActive is false.	String
  homeRoomQuota	Refers to the quota of each single user's home room. 0 represents no quota. null if homeRoomsActive is false.	positive Long
  homeRoomsActive	If set to true, every user with an Active Directory account or OpenID Connect account gets a personal homeroom. Once activated, this CANNOT be deactivated.	true or false

  Node naming convention:

  • Node (room, folder, file) names are limited to 150 characters.
  • Illegal names:
    'CON', 'PRN', 'AUX', 'NUL', 'COM1', 'COM2', 'COM3', 'COM4', 'COM5', 'COM6', 'COM7', 'COM8', 'COM9', 'LPT1', 'LPT2', 'LPT3', 'LPT4', 'LPT5', 'LPT6', 'LPT7', 'LPT8', 'LPT9', (and any of those with an extension)
  • Illegal characters in names:
    '\\', '<','>', ':', '\"', '|', '?', '*', '/', leading '-', trailing '.'
• settings.setSystemRescueKeyPair

  🚀 Since v4.24.0

  Description:

  Set the system rescue key pair and activate client-side encryption for according customer.

  Precondition:

  • Right 🔓 change config
  • Existence of own key pair

  Postcondition:

  System rescue key pair is set and client-side encryption is enabled.

  Further Information:

  Sets the ability for this customer to encrypt rooms.
  Once enabled on customer level, it CANNOT be unset.
  On activation, a customer rescue key pair MUST be set.

• settings.toggleNotificationChannels

  🚀 Since v4.20.0

  Description:

  Toggle configured notification channels.

  Precondition:

  Right "change config" required.

  Postcondition:

  Channel status is switched.

  Further Information:

  None.

• settings.updateWebhook

  🚀 Since v4.19.0

  Description:

  Update an existing webhook for the customer scope.

  Precondition:

  Right 🔓 change config required.

  Postcondition:

  Webhook is updated.

  Further Information:

  URL must begin with the HTTPS scheme. Webhook names are limited to 150 characters. Webhook event types can not be changed from Customer Admin Webhook types to Node Webhook types and vice versa

  Available event types:

  Expand

  Name	Description	Scope
  user.created	Triggered when a new user is created	Customer Admin Webhook
  user.deleted	Triggered when a user is deleted	Customer Admin Webhook
  user.locked	Triggered when a user gets locked	Customer Admin Webhook
  webhook.expiring	Triggered 30/20/10/1 days before a webhook expires	Customer Admin Webhook
  downloadshare.created	Triggered when a new download share is created in affected room	Node Webhook
  downloadshare.deleted	Triggered when a download share is deleted in affected room	Node Webhook
  downloadshare.used	Triggered when a download share is utilized in affected room	Node Webhook
  uploadshare.created	Triggered when a new upload share is created in affected room	Node Webhook
  uploadshare.deleted	Triggered when a upload share is deleted in affected room	Node Webhook
  uploadshare.used	Triggered when a new file is uploaded via the upload share in affected room	Node Webhook
  file.created	Triggered when a new file is uploaded in affected room	Node Webhook
  folder.created	Triggered when a new folder is created in affected room	Node Webhook
  room.created	Triggered when a new room is created (in affected room)	Node Webhook
  file.deleted	Triggered when a file is deleted in affected room	Node Webhook
  folder.deleted	Triggered when a folder is deleted in affected room	Node Webhook
  room.deleted	Triggered when a room is deleted in affected room	Node Webhook

• shares.createDownloadShare

  Description:

  Create a new Download Share.

  Precondition:

  User with 🔓 manage download share permissions on target node.

  Postcondition:

  Download Share is created.

  Further Information:

  If the target node is a room: subordinary rooms are excluded from a Download Share.

  • name is limited to 150 characters.
  • notes are limited to 255 characters.
  • password is limited to 1024 characters.

  Use POST /shares/downloads/{share_id}/email API for sending emails.

  Forbidden characters in passwords: [&, ', <, >]

  Please keep in mind that due to various restrictions of different telecommunication providers, non-ASCII characters may not be displayed correctly in short messages (SMS).

• shares.createUploadShare

  Description:

  Create a new Upload Share (aka File Request).

  Precondition:

  User has 🔓 manage upload share permissions on target container.

  Postcondition:

  Upload Share is created.

  Further Information:

  • name is limited to 150 characters.
  • notes are limited to 255 characters.
  • password is limited to 1024 characters.

  Forbidden characters in passwords: [&, ', <, >]

  Use POST /shares/uploads/{share_id}/email API for sending emails.

  Please keep in mind that due to various restrictions of different telecommunication providers, non-ASCII characters may not be displayed correctly in short messages (SMS).

• shares.deleteDownloadShares

  🚀 Since v4.21.0

  Functional Description:

  Delete multiple Download Shares.

  Precondition:

  User with "manage download share" permissions on target nodes.

  Postcondition:

  Download Shares are deleted.

  Further Information:

  Only the Download Shares are removed; the referenced files or containers persists.

• shares.deleteUploadShares

  🚀 Since v4.21.0

  Functional Description:

  Delete multiple Upload Shares (aka Upload Accounts).

  Precondition:

  User has "manage upload share" permissions on target containers.

  Postcondition:

  Upload Shares are deleted.

  Further Information:

  Only the Upload Shares are removed; already uploaded files and the target container persist.

• shares.removeDownloadShare

  Description:

  Delete a Download Share.

  Precondition:

  User with 🔓 manage download share permissions on target node.

  Postcondition:

  Download Share is deleted.

  Further Information:

  Only the Download Share is removed; the referenced file or container persists.

• shares.removeUploadShare

  Description:

  Delete an Upload Share (aka File Request).

  Precondition:

  User has 🔓 manage upload share permissions on target container.

  Postcondition:

  Upload Share is deleted.

  Further Information:

  Only the Upload Share is removed; already uploaded files and the target container persist.

• shares.requestDownloadShare

  Description:

  Retrieve detailed information about one Download Share.

  Precondition:

  User with 🔓 manage download share permissions on target node.

  Postcondition:

  Download Share is returned

  Further Information:

  None.

• shares.requestDownloadShareQr

  Description:

  Retrieve detailed information about one Download Share.

  Precondition:

  User with 🔓 manage download share permissions on target node.

  Postcondition:

  Download Share is returned

  Further Information:

  None.

• shares.requestDownloadShares

  Description:

  Retrieve a list of Download Shares.

  Precondition:

  Authenticated user.

  Postcondition:

  List of available Download Shares is returned.

  Further Information:

  Filtering:

  All filter fields are connected via logical (AND). createdBy and updatedBy searches several user-related attributes.

  Filter string syntax: FIELD_NAME:OPERATOR:VALUE[:VALUE...]

  Example

  name:cn:searchString_1|createdBy:cn:searchString_2 Filter by file name contains searchString_1 AND creator info (firstName OR lastName OR email OR username) contains searchString_2.

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  name	Alias or node name filter	cn	Alias or node name contains value.	search String
  createdAt	Creation date filter	ge, le	Creation date is greater / less equals than value. Multiple operator values are allowed and will be connected via logical conjunction (AND). e.g. createdAt:ge:2016-12-31|createdAt:le:2018-01-01	Date (yyyy-MM-dd)
  createdBy	Creator info filter	cn, eq	Creator info (firstName OR lastName OR email OR username) contains value.	search String
  createdById	Creator ID filter	eq	Creator ID equals value.	positive Integer
  accessKey	Share access key filter	cn	Share access key contains values.	search String
  nodeId	Source node ID	eq	Source node (room, folder, file) ID equals value.	positive Integer
  updatedBy	Modifier info filter	cn, eq	Modifier info (firstName OR lastName OR email OR username) contains value.	search String
  updatedById	Modifier ID filter	eq	Modifier ID equals value.	positive Integer

  Deprecated filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  userId	Creator user ID	eq	Creator user ID equals value. Use createdById instead	positive Integer

  ---

  Sorting:

  Sort string syntax: FIELD_NAME:ORDER
ORDER can be asc or desc.
  Multiple sort fields are supported.

  Example

  name:asc|expireAt:desc
  Sort by name ascending AND by expireAt descending.

  Sorting options:

  Expand

  FIELD_NAME	Description
  name	Alias or node name
  notifyCreator	Notify creator on every download
  expireAt	Expiration date
  createdAt	Creation date
  createdBy	Creator first name, last name
  classification	Classification ID: 1 - public 2 - internal 3 - confidential 4 - strictly confidential

• shares.requestUploadShare

  Description:

  Retrieve detailed information about one Upload Share (aka File Request).

  Precondition:

  User has 🔓 manage upload share permissions on target container.

  Postcondition:

  Upload Share is returned.

  Further Information:

  None.

• shares.requestUploadShareQr

  Description:

  Retrieve detailed information about one Upload Share (aka File Request).

  Precondition:

  User has 🔓 manage upload share permissions on target container.

  Postcondition:

  Upload Share is returned.

  Further Information:

  None.

• shares.requestUploadShares

  Description:

  Retrieve a list of Upload Shares (aka File Requests).

  Precondition:

  Authenticated user.

  Postcondition:

  List of available Upload Shares is returned.

  Further Information:

  Filtering:

  All filter fields are connected via logical (AND). createdBy and updatedBy searches several user-related attributes. Filter string syntax: FIELD_NAME:OPERATOR:VALUE[:VALUE...]

  Example

  name:cn:searchString_1|createdBy:cn:searchString_2
  Filter by alias name contains searchString_1 AND creator info (firstName OR lastName OR email OR username) contains searchString_2.

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  name	Alias name filter	cn	Alias name contains value.	search String
  createdAt	Creation date filter	ge, le	Creation date is greater / less equals than value. Multiple operator values are allowed and will be connected via logical conjunction (AND). e.g. createdAt:ge:2016-12-31|createdAt:le:2018-01-01	Date (yyyy-MM-dd)
  createdBy	Creator info filter	cn, eq	Creator info (firstName OR lastName OR email OR username) contains value.	search String
  createdById	Creator ID filter	eq	Creator ID equals value.	positive Integer
  accessKey	Share access key filter	cn	Share access key contains values.	search String
  userId	Creator user ID	eq	Creator user ID equals value.	positive Integer
  targetId	Target node ID	eq	Target node (room, folder) ID equals value.	positive Integer
  updatedBy	Modifier info filter	cn, eq	Modifier info (firstName OR lastName OR email OR username) contains value.	search String
  updatedById	Modifier ID filter	eq	Modifier ID equals value.	positive Integer

  Deprecated filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  targetId	Target node ID	cn	Target node (room, folder) ID equals value.	positive Integer
  userId	Creator user ID	eq	Creator user ID equals value. Use createdById instead.	positive Integer

  ---

  Sort string syntax: FIELD_NAME:ORDER
ORDER can be asc or desc.
  Multiple sort fields are supported.

  Example

  name:asc|expireAt:desc
  Sort by name ascending AND by expireAt descending.

  Sorting options:

  Expand

  FIELD_NAME	Description
  name	Alias name
  notifyCreator	Notify creator on every upload
  expireAt	Expiration date
  createdAt	Creation date
  createdBy	Creator first name, last name

• shares.sendDownloadShareLinkViaEmail

  🚀 Since v4.11.0

  Description:

  Send an email to specific recipients for existing Download Share.

  Precondition:

  User with 🔓 manage download share permissions on target node.

  Postcondition:

  Download Share link successfully sent.

  Further Information:

  • Forbidden characters in the email body: [<, >]
• shares.sendUploadShareLinkViaEmail

  🚀 Since v4.11.0

  Description:

  Send an email to specific recipients for existing Upload Share.

  Precondition:

  User with 🔓 manage upload share permissions on target container.

  Postcondition:

  Upload Share link successfully sent.

  Further Information:

  • Forbidden characters in the email body: [<, >]
• shares.updateDownloadShare

  🚀 Since v4.11.0

  Description:

  Update an existing Download Share.

  Precondition:

  User with 🔓 manage download share permissions on target node.

  Postcondition:

  Download Share is successfully updated.

  Further Information:

  • name is limited to 150 characters.
  • notes are limited to 255 characters.
  • password is limited to 1024 characters.

  Forbidden characters in passwords: [&, ', <, >]

  Please keep in mind that due to various restrictions of different telecommunication providers, non-ASCII characters may not be displayed correctly in short messages (SMS).

• shares.updateDownloadShares

  🚀 Since v4.25.0

  Description:

  Update a list of existing Download Shares.

  Precondition:

  User with 🔓 manage download share permissions on target node.

  Postcondition:

  Download Shares are successfully updated.

  Further Information:

  Maximum number of shares is 200

• shares.updateUploadShare

  🚀 Since v4.11.0

  Description:

  Update existing Upload Share (aka File Request).

  Precondition:

  User has 🔓 manage upload share permissions on target container.

  Postcondition:

  Upload Share successfully updated.

  Further Information:

  • name is limited to 150 characters.
  • notes are limited to 255 characters.
  • password is limited to 1024 characters.

  Forbidden characters in passwords: [&, ', <, >]

  Please keep in mind that due to various restrictions of different telecommunication providers, non-ASCII characters may not be displayed correctly in short messages (SMS).

• shares.updateUploadShares

  🚀 Since v4.25.0

  Description:

  Update a list of existing Upload Shares (aka File Request).

  Precondition:

  User has 🔓 manage upload share permissions on target container.

  Postcondition:

  Upload Shares successfully updated.

  Further Information:

  Maximum number of shares is 200

• systemAuthConfig.createAdConfig

  Description:

  Create a new Active Directory configuration.

  Precondition:

  Right 🔓 change global config of the Provider Customer required.

  Postcondition:

  New Active Directory configuration created.

  Further Information:

  None.

• systemAuthConfig.createOAuthClient

  Description:

  Create a new OAuth client.

  Precondition:

  Right 🔓 change global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  New OAuth client created.

  Further Information:

  Client secret MUST have:

  • at least 12 characters, at most 32 characters
  • only lower case characters, upper case characters and digits
  • at least 1 lower case character, 1 upper case character and 1 digit

  The client secret is optional and will be generated if it is left empty.

  Valid grant types are:

  • authorization_code
  • implicit
  • password
  • client_credentials
  • refresh_token

  Grant type client_credentials is currently NOT permitted!

  Allowed characters for client ID are: [a-zA-Z0-9_-]

  If grant types authorization_code or implicit are used, a redirect URI MUST be provided!

  Default access token validity: 8 hours
  Default refresh token validity: 30 days Default approval validity: ½ year

• systemAuthConfig.createOpenIdIdpConfig

  Description:

  Create new OpenID Connect IDP configuration.

  Precondition:

  Right 🔓 change global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  New OpenID Connect IDP configuration is created.

  Further Information:

  None.

• systemAuthConfig.createRadiusConfig

  Description:

  Create new RADIUS configuration.

  Precondition:

  Right 🔓 change global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  New RADIUS configuration is created.

  Further Information:

  None.

• systemAuthConfig.removeAdConfig

  Description:

  Delete an existing Active Directory configuration.

  Precondition:

  Right 🔓 change global config of the Provider Customer required.

  Postcondition:

  Active Directory configuration is removed.

  Further Information:

  None.

• systemAuthConfig.removeOAuthClient

  Description:

  Delete an existing OAuth client.

  Precondition:

  Right 🔓 change global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  OAuth client is removed.

  Further Information:

  None.

• systemAuthConfig.removeOpenIdIdpConfig

  Description:

  Delete an existing OpenID Connect IDP configuration.

  Precondition:

  Right 🔓 change global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  OpenID Connect IDP configuration is removed.

  Further Information:

  None.

• systemAuthConfig.removeRadiusConfig

  Description:

  Delete existing RADIUS configuration.

  Precondition:

  Right 🔓 change global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  RADIUS configuration is deleted.

  Further Information:

  None.

• systemAuthConfig.requestAdConfig

  Description:

  Retrieve the configuration of an Active Directory.

  Precondition:

  Right 🔓 read global config of the Provider Customer required.

  Postcondition:

  Active Directory configuration is returned.

  Further Information:

  None.

• systemAuthConfig.requestAdConfigs

  Description:

  Retrieve a list of configured Active Directories.

  Precondition:

  Right 🔓 read global config of the Provider Customer required.

  Postcondition:

  List of Active Directory configurations is returned.

  Further Information:

  None.

• systemAuthConfig.requestOAuthClient

  Description:

  Retrieve the configuration of an OAuth client.

  Precondition:

  Right 🔓 change global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  OAuth client is returned.

  Further Information:

  None.

• systemAuthConfig.requestOAuthClients

  Description:

  Retrieve a list of configured OAuth clients.

  Precondition:

  Right 🔓 change global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  List of OAuth clients is returned.

  Further Information:

  Filtering:

  All filter fields are connected via logical conjunction (AND)
  Filter string syntax: FIELD_NAME:OPERATOR:VALUE[:VALUE...]

  Example

  isStandard:eq:true
  Get standard OAuth clients.

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  isStandard	Standard client filter	eq		true or false
  isExternal	External client filter	eq		true or false
  isEnabled	Enabled/disabled clients filter	eq		true or false

  ---

  Sorting:

  Sort string syntax: FIELD_NAME:ORDER
ORDER can be asc or desc.
  Multiple sort criteria are possible.
  Fields are connected via logical conjunction AND.

  Example

  clientName:desc|isStandard:asc
  Sort by clientName descending AND isStandard ascending.

  Sorting options:

  Expand

  FIELD_NAME	Description
  clientName	Client name
  isStandard	Is a standard client
  isExternal	Is a external client
  isEnabled	Is a enabled client

• systemAuthConfig.requestOpenIdIdpConfig

  Description:

  Retrieve an OpenID Connect IDP configuration.

  Precondition:

  Right 🔓 change global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  OpenID Connect IDP configuration is returned.

  Further Information:

  None.

• systemAuthConfig.requestOpenIdIdpConfigs

  Description:

  Retrieve a list of configured OpenID Connect IDPs.

  Precondition:

  Right 🔓 change global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  List of OpenID Connect IDP configurations is returned.

  Further Information:

  None.

• systemAuthConfig.requestRadiusConfig

  Description:

  Retrieve a RADIUS configuration.

  Precondition:

  Right 🔓 read global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  RADIUS configuration is returned.

  Further Information:

  None.

• systemAuthConfig.testAdConfig

  Description:

  Test Active Directory configuration.

  Precondition:

  Right 🔓 change global config of the Provider Customer required.

  Postcondition:

  Active Directory configuration is returned if successful.

  Further Information:

  DRACOON tries to establish a connection with the provided information.

• systemAuthConfig.testRadiusConfig

  Description:

  Test RADIUS configuration.

  Precondition:

  Right 🔓 read global config of the Provider Customer required.

  Postcondition:

  RADIUS configuration is returned if successful.

  Further Information:

  DRACOON tries to establish a connection with the provided information.

• systemAuthConfig.updateAdConfig

  Description:

  Update an existing Active Directory configuration.

  Precondition:

  Right 🔓 change global config of the Provider Customer required.

  Postcondition:

  Active Directory configuration updated.

  Further Information:

  None.

• systemAuthConfig.updateOAuthClient

  Description:

  Update an existing OAuth client.

  Precondition:

  Right 🔓 change global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  OAuth client updated.

  Further Information:

  Client secret MUST have:

  • at least 12 characters, at most 32 characters
  • only lower case characters, upper case characters and digits
  • at least 1 lower case character, 1 upper case character and 1 digit

  The client secret is optional and will be generated if it is left empty.

  Valid grant types are:

  • authorization_code
  • implicit
  • password
  • client_credentials
  • refresh_token

  Grant type client_credentials is currently NOT permitted!

  If grant types authorization_code or implicit are used, a redirect URI MUST be provided!

• systemAuthConfig.updateOpenIdIdpConfig

  Description:

  Update an existing OpenID Connect IDP configuration.

  Precondition:

  Right 🔓 change global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  OpenID Connect IDP configuration is updated.

  Further Information:

  None.

• systemAuthConfig.updateRadiusConfig

  Description:

  Update existing RADIUS configuration.

  Precondition:

  Right 🔓 change global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  RADIUS configuration is updated.

  Further Information:

  None.

• systemPoliciesConfig.changeClassificationPoliciesConfig

  🚀 Since v4.30.0

  Description:

  Change current classification policies:

  • shareClassificationPolicies

  Precondition:

  Right 🔓 change global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  Classification policies are changed.

  Further Information:

  classificationRequiresSharePassword: When a node has this classification or higher, it cannot be shared without a password. If the node is an encrypted file this policy has no effect. 0 means no password will be enforced.

• systemPoliciesConfig.changeGuestUsersPoliciesConfig

  🚀 Since v4.40.0

  Description:

  Change current guest user policies.

  Precondition:

  Right 🔓 change global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  Guest user policies are changed.

  Further Information:

  None.

• systemPoliciesConfig.changeMfaPoliciesConfig

  🚀 Since v4.37.0

  Description:

  Change current multi-factor authentication policies.

  Precondition:

  Right 🔓 change global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  Multi-factor authentication policies are changed.

  Further Information:

  None.

• systemPoliciesConfig.changePasswordPoliciesConfig

  🚀 Since v4.14.0

  Description:

  Change current password policies for any password types:

  • login
  • shares
  • encryption

  Precondition:

  Right 🔓 change global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  Password policies get changed.

  Further Information:

  None.

  Available password policies:

  Expand

  Name	Description	Value	Recommended Value	Password Type
  mustContainCharacters	Characters which a password must contain: alpha - at least one alphabetical character (uppercase OR lowercase)a b c d e f g h i j k l m n o p q r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z uppercase - at least one uppercase characterA B C D E F G H I J K L M N O P Q R S T U V W X Y Z lowercase - at least one lowercase charactera b c d e f g h i j k l m n o p q r s t u v w x y z numeric - at least one numeric character0 1 2 3 4 5 6 7 8 9 special - at least one special character (letters and digits excluded)! " # $ % ( ) * + , - . / : ; = ? @ [ \ ] ^ _ { | } ~ none - none of the above all - combination of uppercase, lowercase, numeric and special	alpha uppercase lowercase numeric special none all	uppercase lowercase numeric	login shares encryption
  numberOfCharacteristicsToEnforce	Number of characteristics to enforce. e.g. from ["uppercase", "lowercase", "numeric", "special"] all 4 character sets can be enforced; but also only 2 of them	Integer between 0 and 4 default: none - 0 all - 4 otherwise - amount of distinct values cf. mustContainCharacters matrix	3	login shares encryption
  minLength	Minimum number of characters a password must contain.	Integer between 1 and 1024	login: 12 shares: 12 encryption: 14	login shares encryption
  rejectDictionaryWords	Determines whether a password must NOT contain word(s) from a dictionary. In core-service.properties a path to directory with dictionary files (*.txt) can be defined cf. policies.passwords.dictionary.directory. If this rule gets enabled policies.passwords.dictionary.directory must be defined and contain dictionary files. Otherwise, the rule will not have any effect on password validation process.	true or false	true	login shares
  rejectUserInfo	Determines whether a password must NOT contain user info. Affects user's first name, last name, email and user name.	true or false	true	login shares encryption
  rejectKeyboardPatterns	Determines whether a password must NOT contain keyboard patterns. e.g. qwertz, asdf (min. 4 character pattern)	true or false	true	login shares encryption
  numberOfArchivedPasswords	Number of passwords to archive.	Integer between 0 and 10 Set 0 to disable password history.	3	login
  passwordExpiration.enabled	Determines whether password expiration is enabled. Password expiration policy can only be enabled in context with enforceLoginPasswordChange.	true or false	false	login
  maxPasswordAge	Maximum allowed password age (in days)	positive Integer		login
  userLockout.enabled	Determines whether user lockout is enabled.	true or false	true	login
  maxNumberOfLoginFailures	Maximum allowed number of failed login attempts.	positive Integer	5	login
  lockoutPeriod	Amount of minutes a user has to wait to make another login attempt after maxNumberOfLoginFailures has been exceeded.	positive Integer	10	login

  Deprecated password policies:

  Expand

  Name	Description	Value	Recommended Value	Password Type
  enforceLoginPasswordChange	Determines whether a login password change should be enforced for all users. Only takes effect, if login password policies get stricter. Use POST /system/config/policies/passwords/enforce_change API to enforce a login password change.	true or false default: false		login

  mustContainCharacters matrix:

  Expand

  	alpha	uppercase	lowercase	numeric	special	all	none
  alpha	alpha	uppercase	lowercase	alpha numeric	alpha special	all	none
  uppercase	uppercase	uppercase	uppercase lowercase	uppercase numeric	uppercase special	all	none
  lowercase	lowercase	uppercase lowercase	lowercase	lowercase numeric	lowercase special	all	none
  numeric	alpha numeric	uppercase numeric	lowercase numeric	numeric	numeric special	all	none
  special	alpha special	uppercase special	lowercase special	numeric special	special	all	none
  all	all	all	all	all	all	all	none
  none	none	none	none	none	none	none	none

• systemPoliciesConfig.enforceLoginPasswordChange

  🚀 Since v4.24.0

  Description:

  Enforce login password change for all users.

  Precondition:

  Right 🔓 change global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  Login password change is enforced. Every user has to change their login password at next login.

  Further Information:

  None.

• systemPoliciesConfig.requestClassificationPoliciesConfig

  🚀 Since v4.30.0

  Description:

  Retrieve a list of classification policies:

  • shareClassificationPolicies

  Precondition:

  Right 🔓 read global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  List of configured classification policies is returned.

  Further Information:

  classificationRequiresSharePassword: When a node has this classification or higher, it cannot be shared without a password. If the node is an encrypted file this policy has no effect. 0 means no password will be enforced.

• systemPoliciesConfig.requestGuestUsersPoliciesConfig

  🚀 Since v4.40.0

  Description:

  Retrieve guest user policies.

  Precondition:

  Right 🔓 read global config of the Provider Customer required.

  Postcondition:

  Guest user policies are returned.

  Further Information:

  None.

• systemPoliciesConfig.requestMfaPoliciesConfig

  🚀 Since v4.37.0

  Description:

  Retrieve a list of multi-factor authentication policies.

  Precondition:

  Right 🔓 read global config of the Provider Customer required.

  Postcondition:

  List of configured multi-factor authentication policies is returned.

  Further Information:

  None.

• systemPoliciesConfig.requestPasswordPoliciesConfig

  🚀 Since v4.14.0

  Description:

  Retrieve a list of configured password policies for all password types:

  • login
  • shares
  • encryption

  Precondition:

  Right 🔓 read global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  List of configured password policies is returned.

  Further Information:

  None.

  Available password policies:

  Expand

  Name	Description	Value	Password Type
  mustContainCharacters	Characters which a password must contain: alpha - at least one alphabetical character (uppercase OR lowercase)a b c d e f g h i j k l m n o p q r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z uppercase - at least one uppercase characterA B C D E F G H I J K L M N O P Q R S T U V W X Y Z lowercase - at least one lowercase charactera b c d e f g h i j k l m n o p q r s t u v w x y z numeric - at least one numeric character0 1 2 3 4 5 6 7 8 9 special - at least one special character (letters and digits excluded)! " # $ % ( ) * + , - . / : ; = ? @ [ \ ] ^ _ { | } ~ none - none of the above	alpha uppercase lowercase numeric special none	login shares encryption
  numberOfCharacteristicsToEnforce	Number of characteristics to enforce. e.g. from ["uppercase", "lowercase", "numeric", "special"] all 4 character sets can be enforced; but also only 2 of them	Integer between 0 and 4	login shares encryption
  minLength	Minimum number of characters a password must contain.	Integer between 1 and 1024	login shares encryption
  rejectDictionaryWords	Determines whether a password must NOT contain word(s) from a dictionary. In core-service.properties a path to directory with dictionary files (*.txt) can be defined cf. policies.passwords.dictionary.directory. If this rule gets enabled policies.passwords.dictionary.directory must be defined and contain dictionary files. Otherwise, the rule will not have any effect on password validation process.	true or false	login shares
  rejectUserInfo	Determines whether a password must NOT contain user info. Affects user's first name, last name, email and user name.	true or false	login shares encryption
  rejectKeyboardPatterns	Determines whether a password must NOT contain keyboard patterns. e.g. qwertz, asdf (min. 4 character pattern)	true or false	login shares encryption
  numberOfArchivedPasswords	Number of passwords to archive. Value 0 means that password history is disabled.	Integer between 0 and 10	login
  passwordExpiration.enabled	Determines whether password expiration is enabled.	true or false	login
  maxPasswordAge	Maximum allowed password age (in days)	positive Integer	login
  userLockout.enabled	Determines whether user lockout is enabled.	true or false	login
  maxNumberOfLoginFailures	Maximum allowed number of failed login attempts.	positive Integer	login
  lockoutPeriod	Amount of minutes a user has to wait to make another login attempt after maxNumberOfLoginFailures has been exceeded.	positive Integer	login

• systemPoliciesConfig.requestPasswordPoliciesForPasswordType

  🚀 Since v4.14.0

  Description:

  Retrieve a list of configured password policies for a certain password type:

  • login
  • shares
  • encryption

  Precondition:

  Right 🔓 read global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  List of configured password policies is returned.

  Further Information:

  None.

  Available password policies:

  Expand

  Name	Description	Value	Password Type
  mustContainCharacters	Characters which a password must contain: alpha - at least one alphabetical character (uppercase OR lowercase)a b c d e f g h i j k l m n o p q r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z uppercase - at least one uppercase characterA B C D E F G H I J K L M N O P Q R S T U V W X Y Z lowercase - at least one lowercase charactera b c d e f g h i j k l m n o p q r s t u v w x y z numeric - at least one numeric character0 1 2 3 4 5 6 7 8 9 special - at least one special character (letters and digits excluded)! " # $ % ( ) * + , - . / : ; = ? @ [ \ ] ^ _ { | } ~ none - none of the above	alpha uppercase lowercase numeric special none	login shares encryption
  numberOfCharacteristicsToEnforce	Number of characteristics to enforce. e.g. from ["uppercase", "lowercase", "numeric", "special"] all 4 character sets can be enforced; but also only 2 of them	Integer between 0 and 4	login shares encryption
  minLength	Minimum number of characters a password must contain.	Integer between 1 and 1024	login shares encryption
  rejectDictionaryWords	Determines whether a password must NOT contain word(s) from a dictionary. In core-service.properties a path to directory with dictionary files (*.txt) can be defined cf. policies.passwords.dictionary.directory. If this rule gets enabled policies.passwords.dictionary.directory must be defined and contain dictionary files. Otherwise, the rule will not have any effect on password validation process.	true or false	login shares
  rejectUserInfo	Determines whether a password must NOT contain user info. Affects user's first name, last name, email and user name.	true or false	login shares encryption
  rejectKeyboardPatterns	Determines whether a password must NOT contain keyboard patterns. e.g. qwertz, asdf (min. 4 character pattern)	true or false	login shares encryption
  numberOfArchivedPasswords	Number of passwords to archive. Value 0 means that password history is disabled.	Integer between 0 and 10	login
  passwordExpiration.enabled	Determines whether password expiration is enabled.	true or false	login
  maxPasswordAge	Maximum allowed password age (in days)	positive Integer	login
  userLockout.enabled	Determines whether user lockout is enabled.	true or false	login
  maxNumberOfLoginFailures	Maximum allowed number of failed login attempts.	positive Integer	login
  lockoutPeriod	Amount of minutes a user has to wait to make another login attempt after maxNumberOfLoginFailures has been exceeded.	positive Integer	login

• systemSettingsConfig.requestAuthConfig

  🚀 Since v4.6.0

  Description:

  DRACOON authentication configuration entry point.

  Precondition:

  Right 🔓 read global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  Returns a list of configurable authentication methods.

  Further Information:

  Authentication methods are sorted by priority attribute.
  Smaller values have higher priority.
  Authentication method with highest priority is considered as default.
  Priority MUST be a positive value.

  Configurable authentication settings:

  Expand

  Authentication Method	Description
  basic	Basic authentication globally allowed. This option MUST be activated to allow users to log in with their credentials stored in the database. Formerly known as sql.
  active_directory	Active Directory authentication globally allowed. This option MUST be activated to allow users to log in with their Active Directory credentials.
  radius	RADIUS authentication globally allowed. This option MUST be activated to allow users to log in with their RADIUS username, their PIN and a token password.
  openid	OpenID Connect authentication globally allowed.This option MUST be activated to allow users to log in with their OpenID Connect identity.

• systemSettingsConfig.requestEventlogConfig

  🚀 Since v4.6.0

  Description:

  DRACOON eventlog configuration entry point.

  Precondition:

  Right 🔓 read global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  Returns a list of configurable eventlog settings.

  Further Information:

  None.

  Configurable eventlog settings:

  Expand

  Setting	Description	Value
  enabled	Determines whether eventlog is enabled.	true or false
  retentionPeriod	Retention period (in days) of eventlog entries. After that period, all entries are deleted.	Integer between 0 and 9999 If set to 0: no logs are deleted
  logIpEnabled	Determines whether user’s IP address is logged.	true or false

• systemSettingsConfig.requestGeneralSettings

  🚀 Since v4.6.0

  Description:

  DRACOON general settings configuration entry point.

  Precondition:

  Right 🔓 read global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  Returns a list of configurable general settings.

  Further Information:

  Auth token restrictions:

  A restriction is a lower bound for a token timeout and defines a duration after which a token is invalidated when it wasn't used.
  The access/refresh token validity duration of the client is the upper bound. A token is invalidated - in any case - when it has passed.

  Auth token restrictions are enabled by default.

  • Default access token validity: 2 hours
  • Default refresh token validity: 30 days

  Configurable general settings:

  Expand

  Setting	Description	Value
  sharePasswordSmsEnabled	Determines whether sending of share passwords via SMS is allowed.	true or false
  cryptoEnabled	Determines whether client-side encryption is enabled. Can only be enabled once; disabling is NOT possible.	true or false
  emailNotificationButtonEnabled	Determines whether email notification button is enabled.	true or false
  eulaEnabled	Determines whether EULA is enabled. Each user has to confirm the EULA at first login.	true or false
  useS3Storage	Defines if S3 is used as storage backend. Can only be enabled once; disabling is NOT possible.	true or false
  s3TagsEnabled	Determines whether S3 tags are enabled	true or false
  authTokenRestrictions	Determines auth token restrictions. (e.g. restricted access token validity)	object

  Deprecated configurable general settings:

  Expand

  Setting	Description	Value
  mediaServerEnabled	Determines whether media server is enabled. Returns boolean value dependent on conjunction of mediaServerConfigEnabled AND mediaServerEnabled	true or false
  weakPasswordEnabled	Determines whether weak password is allowed. Use GET /system/config/policies/passwords API to get configured password policies.	true or false
  hideLoginInputFields	Determines whether input fields for login should be enabled	true or false

• systemSettingsConfig.requestInfrastructureProperties

  🚀 Since v4.6.0

  Description:

  DRACOON infrastructure properties entry point.

  Precondition:

  Right 🔓 read global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  Returns a list of read-only infrastructure properties.

  Further Information:

  Source: core-service.properties

  Read-only infrastructure properties:

  Expand

  Setting	Description	Value
  smsConfigEnabled	Determines whether sending of share passwords via SMS is system-wide enabled.	true or false
  mediaServerConfigEnabled	Determines whether media server is system-wide enabled.	true or false
  s3DefaultRegion	Suggested S3 region	Region name
  s3EnforceDirectUpload	Enforce direct upload to S3	true or false
  dracoonCloud	Determines if the DRACOON Core is deployed in the cloud environment	true or false
  tenantUuid	Current tenant UUID	UUID

• systemSettingsConfig.requestSyslogConfig

  🚀 Since v4.6.0

  Description:

  DRACOON syslog configuration entry point.

  Precondition:

  Right 🔓 read global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  Returns a list of configurable syslog settings.

  Further Information:

  None.

  Configurable syslog settings:

  Expand

  Setting	Description	Value
  enabled	Determines whether syslog is enabled.	true or false
  host	Syslog server (IP or FQDN)	DNS name or IPv4 of a syslog server
  port	Syslog server port	Valid port number
  protocol	Protocol to connect to syslog server	TCP or UDP
  logIpEnabled	Determines whether user’s IP address is logged.	true or false

• systemSettingsConfig.requestSystemDefaults

  🚀 Since v4.6.0

  Description:

  DRACOON system defaults configuration entry point.

  Precondition:

  Right 🔓 read global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  Returns a list of configurable system default values.

  Further Information:

  None.

  Configurable default values

  Expand

  Setting	Description	Value
  languageDefault	Defines which language should be default.	ISO 639-1 code
  downloadShareDefaultExpirationPeriod	Default expiration period for Download Shares in days.	Integer between 0 and 9999
  uploadShareDefaultExpirationPeriod	Default expiration period for Upload Shares in days.	Integer between 0 and 9999
  fileDefaultExpirationPeriod	Default expiration period for all uploaded files in days.	Integer between 0 and 9999
  nonmemberViewerDefault	Defines if new users get the role Non Member Viewer by default	true or false

• systemSettingsConfig.updateAuthConfig

  🚀 Since v4.6.0

  Description:

  DRACOON authentication configuration entry point.
  Change configurable authentication settings.

  Precondition:

  Right 🔓 change global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  One or more authentication methods gets changed.

  Further Information:

  Authentication methods are sorted by priority attribute.
  Smaller values have higher priority.
  Authentication method with highest priority is considered as default.
  Priority MUST be a positive value.

  Configurable authentication settings:

  Expand

  Authentication Method	Description
  basic	Basic authentication globally allowed. This option MUST be activated to allow users to log in with their credentials stored in the database. Formerly known as sql.
  active_directory	Active Directory authentication globally allowed. This option MUST be activated to allow users to log in with their Active Directory credentials.
  radius	RADIUS authentication globally allowed. This option MUST be activated to allow users to log in with their RADIUS username, their PIN and a token password.
  openid	OpenID Connect authentication globally allowed.This option MUST be activated to allow users to log in with their OpenID Connect identity.

• systemSettingsConfig.updateEventlogConfig

  🚀 Since v4.6.0

  Description:

  DRACOON eventlog configuration entry point.
  Change configurable eventlog settings.

  Precondition:

  Right 🔓 change global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  One or more eventlog settings gets changed.

  Further Information:

  None.

  Configurable eventlog settings:

  Expand

  Setting	Description	Value
  enabled	Determines whether eventlog is enabled.	true or false
  retentionPeriod	Retention period (in days) of eventlog entries. After that period, all entries are deleted.	Integer between 0 and 9999 If set to 0: no logs are deleted Recommended value: 7
  logIpEnabled	Determines whether user’s IP address is logged.	true or false

• systemSettingsConfig.updateGeneralSettings

  🚀 Since v4.6.0

  Description:

  DRACOON general settings configuration entry point.
  Change configurable general settings.

  Precondition:

  Right 🔓 change global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  One or more general settings gets changed.

  Further Information:

  Auth token restrictions are enabled by default.

  • Default access token validity: 2 hours
  • Default refresh token validity: 30 days

  Configurable general settings:

  Expand

  Setting	Description	Value
  sharePasswordSmsEnabled	Determines whether sending of share passwords via SMS is allowed.	true or false
  cryptoEnabled	Determines whether client-side encryption is enabled. Can only be enabled once; disabling is NOT possible.	true or false
  emailNotificationButtonEnabled	Determines whether email notification button is enabled.	true or false
  eulaEnabled	Determines whether EULA is enabled. Each user has to confirm the EULA at first login.	true or false
  s3TagsEnabled	Determines whether S3 tags are enabled	true or false
  authTokenRestrictions	Determines auth token restrictions. (e.g. restricted access token validity)	object

  Deprecated configurable general settings:

  Expand

  Setting	Description	Value
  mediaServerEnabled	Determines whether media server is enabled. CANNOT be enabled if media server configuration is disabled in core-service.properties. Check mediaServerConfigEnabled with GET /system/config/settings/infrastructure.	true or false
  weakPasswordEnabled	Determines whether weak password is allowed. Use PUT /system/config/policies/passwords API to change configured password policies.	true or false
  hideLoginInputFields	Determines whether input fields for login should be enabled	true or false

• systemSettingsConfig.updateSyslogConfig

  🚀 Since v4.6.0

  Description:

  DRACOON syslog configuration entry point.
  Change configurable syslog settings.

  Precondition:

  Right 🔓 change global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  One or more syslog settings gets changed.

  Further Information:

  None.

  Configurable syslog settings:

  Expand

  Setting	Description	Value
  enabled	Set true to enable syslog.	true or false
  host	Syslog server (IP or FQDN)	DNS name or IPv4 of a syslog server
  port	Syslog server port	Valid port number
  protocol	Protocol to connect to syslog server	TCP or UDP
  logIpEnabled	Determines whether user’s IP address is logged.	true or false

• systemSettingsConfig.updateSystemDefaults

  🚀 Since v4.6.0

  Description:

  DRACOON system defaults configuration entry point.
  Change configurable system default values.

  Precondition:

  Right 🔓 change global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  One or more system default values gets changed.

  Further Information:

  None.

  Configurable default values

  Expand

  Setting	Description	Value
  languageDefault	Defines which language should be default.	ISO 639-1 code
  downloadShareDefaultExpirationPeriod	Default expiration period for Download Shares in days.	Integer between 0 and 9999 Set 0 to disable.
  uploadShareDefaultExpirationPeriod	Default expiration period for Upload Shares in days.	Integer between 0 and 9999 Set 0 to disable.
  fileDefaultExpirationPeriod	Default expiration period for all uploaded files in days.	Integer between 0 and 9999 Set 0 to disable.
  nonmemberViewerDefault	Defines if new users get the role Non Member Viewer by default	true or false

• systemStorageConfig.createS3Config

  🚀 Since v4.3.0

  Description:

  Create new S3 configuration.

  Precondition:

  Right 🔓 change global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  New S3 configuration is created.

  Further Information:

  Forbidden characters in bucket names: [.]
  bucketName and endpointUrl are deprecated, use bucketUrl instead.

  Virtual hosted style access

  Example: https://bucket-name.s3.region.amazonaws.com/key-name

• systemStorageConfig.createS3Tag

  🚀 Since v4.9.0

  Description:

  Create new S3 tag.

  Precondition:

  Right 🔓 change global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  New S3 tag is created.

  Further Information:

  • Maximum key length: 128 characters.
  • Maximum value length: 256 characters.
  • Both S3 tag key and value are case-sensitive strings.
  • Maximum of 20 mandatory S3 tags is allowed.
• systemStorageConfig.removeS3Tag

  🚀 Since v4.9.0

  Description:

  Delete S3 tag.

  Precondition:

  Right 🔓 change global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  S3 tag gets deleted.

  Further Information:

  None.

• systemStorageConfig.request3Config

  🚀 Since v4.3.0

  Description:

  Retrieve S3 configuration.

  Precondition:

  Right 🔓 read global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  S3 configuration is returned.

  Further Information:

  None.

  Virtual hosted style access

  Example: https://bucket-name.s3.region.amazonaws.com/key-name

• systemStorageConfig.requestS3Tag

  🚀 Since v4.9.0

  Description:

  Retrieve single S3 tag.

  Precondition:

  Right 🔓 read global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  S3 tag is returned.

  Further Information:

  None.

• systemStorageConfig.requestS3TagList

  🚀 Since v4.9.0

  Description:

  Retrieve all configured S3 tags.

  Precondition:

  Right 🔓 read global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  S3 tags are returned.

  Further Information:

  An empty list is returned if no S3 tags are found / configured.

• systemStorageConfig.updateS3Config

  🚀 Since v4.3.0

  Description:

  Update existing S3 configuration.

  Precondition:

  Right 🔓 change global config and role 👤 Config Manager of the Provider Customer required.

  Postcondition:

  S3 configuration is updated.

  Further Information:

  Forbidden characters in bucket names: [.]
  bucketName and endpointUrl are deprecated, use bucketUrl instead.

  Virtual hosted style access

  Example: https://bucket-name.s3.region.amazonaws.com/key-name

• uploads.cancelFileUploadByToken

  Description:

  Cancel file upload.

  Precondition:

  Valid upload token.

  Postcondition:

  Upload canceled, token invalidated and all already transfered chunks removed.

  Further Information:

  It is recommended to notify the API about cancelled uploads if possible.

• uploads.completeFileUploadByToken

  Description:

  Finish uploading a file.

  Precondition:

  Valid upload token.

  Postcondition:

  File created.

  Further Information:

  The provided file name might be changed in accordance with the resolution strategy:

  • autorename: changes the file name and adds a number to avoid conflicts.
  • overwrite: deletes any old file with the same file name.
  • fail: returns an error; in this case, another PUT request with a different file name may be sent.

  Please ensure that all chunks have been transferred correctly before finishing the upload.

  Download share id (if exists) gets changed if:

  • node with the same name exists in the target container
  • resolutionStrategy is overwrite
  • keepShareLinks is true
• uploads.uploadFileByTokenAsMultipart1

  Description:

  Upload a (chunk of a) file.

  Precondition:

  Valid upload token.

  Postcondition:

  Chunk uploaded.

  Further Information:

  Range requests are supported.

  Following Content-Types are supported by this API:

  • multipart/form-data
  • provided Content-Type

  For both file upload types set the correct Content-Type header and body.

  Examples:

  • multipart/form-data

  POST /api/v4/uploads/{token} HTTP/1.1
  Header:...Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW...
  Body:------WebKitFormBoundary7MA4YWxkTrZu0gWContent-Disposition: form-data; name="file"; filename="file.txt"Content-Type: text/plain
  Content of file.txt------WebKitFormBoundary7MA4YWxkTrZu0gW--

  • any other Content-Type

  POST /api/v4/uploads/{token} HTTP/1.1
  Header:...Content-Type: { ... }...
  Body:raw content

• user.changeUserPassword

  Description:

  Change the user's password.

  Precondition:

  Authenticated user.

  Postcondition:

  User's password is changed.

  Further Information:

  The password MUST comply to configured password policies.

  Forbidden characters in passwords: [&, ', <, >]

• user.confirmTotpSetup

  🚀 Since v4.37.0

  Description:

  Confirm second factor TOTP setup with a generated OTP.

  Precondition:

  Authenticated user

  Postcondition:

  Second factor TOTP is enabled.

  Further Information:

  None.

• user.createAndPreserveUserKeyPair

  🚀 Since v4.24.0

  Description:

  Create user key pair and preserve copy of old private key.

  Precondition:

  Authenticated user.

  Postcondition:

  Key pair is created.
  Copy of old private key is preserved.

  Further Information:

  You can submit your old private key, encrypted with your current password.
  This allows migrating file keys encrypted with your old key pair to the new one.

• user.deleteMfaTotpSetup

  🚀 Since v4.37.0

  Description:

  Delete multi-factor authentication TOTP setup with a valid OTP code.

  Precondition:

  Authenticated user
  Multi-factor authentication is NOT enforced

  Postcondition:

  Second factor TOTP is disabled.

  Further Information:

  None.

• user.enableCustomerEncryption

  🚧 Deprecated since v4.24.0

  Use POST /settings/keypair API

  Description:

  Activate client-side encryption for according customer.

  Precondition:

  Right 🔓 change config required.

  Postcondition:

  Client-side encryption is enabled.

  Further Information:

  Sets the ability for this customer to encrypt rooms.
  Once enabled on customer level, it CANNOT be unset.
  On activation, a customer rescue key pair MUST be set.

• user.getMfaStatusForUser

  🚀 Since v4.37.0

  Description:

  Request information about the user's mfa status

  Precondition:

  Authenticated user.

  Postcondition:

  None.

  Further Information:

  None.

• user.getTotpSetupInformation

  🚀 Since v4.37.0

  Description:

  Get setup information for multi-factor authentication (TOTP).

  Precondition:

  Authenticated user.

  Postcondition:

  None.

  Further Information:

  None.

• user.listDownloadShareSubscriptions

  🚀 Since v4.20.0

  Description:

  Retrieve a list of subscribed Download Shares for current user.

  Precondition:

  Authenticated user.

  Postcondition:

  List of subscribed Download Shares is returned.

  Further Information:

  None.

  Filtering

  All filter fields are connected via logical conjunction (AND)
  Filter string syntax: FIELD_NAME:OPERATOR:VALUE[:VALUE...]

  Example

  authParentId:eq:#
  Get download shares where authParentId equals #.

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  downloadShareId	Download Share ID filter	eq	Download Share ID equals value.	long value
  authParentId	Auth parent ID filter	eq	Auth parent ID equals value.	long value

  ---

  Sorting:

  Sort string syntax: FIELD_NAME:ORDER
ORDER can be asc or desc.
  Multiple sort criteria are possible.
  Fields are connected via logical conjunction AND.

  Example

  downloadShareId:desc|authParentId:asc
  Sort by downloadShareId descending AND authParentId ascending.

  Sorting options:

  Expand

  FIELD_NAME	Description
  downloadShareId	Download Share ID
  authParentId	Auth parent ID

• user.listNodeSubscriptions

  🚀 Since v4.20.0

  Description:

  Retrieve a list of subscribed nodes for current user.

  Precondition:

  Authenticated user.

  Postcondition:

  List of subscribed nodes is returned.

  Further Information:

  None.

  Filtering:

  All filter fields are connected via logical conjunction (AND)
  Filter string syntax: FIELD_NAME:OPERATOR:VALUE[:VALUE...]

  Example

  authParentId:eq:#
  Get nodes where authParentId equals #.

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  nodeId	Node ID filter	eq	Node ID equals value.	long value
  authParentId	Auth parent ID filter	eq	Auth parent ID equals value.	long value

  ---

  Sorting:

  Sort string syntax: FIELD_NAME:ORDER
ORDER can be asc or desc.
  Multiple sort criteria are possible.
  Fields are connected via logical conjunction AND.

  Example

  nodeId:desc|authParentId:asc
  Sort by nodeId descending AND authParentId ascending.

  Sorting options:

  Expand

  FIELD_NAME	Description
  nodeId	Node ID
  authParentId	Auth parent ID

• user.listUploadShareSubscriptions

  🚀 Since v4.24.0

  Description:

  Retrieve a list of subscribed Upload Shares for current user.

  Precondition:

  Authenticated user.

  Postcondition:

  List of subscribed Upload Shares is returned.

  Further Information:

  None.

  Filtering

  All filter fields are connected via logical conjunction (AND)
  Filter string syntax: FIELD_NAME:OPERATOR:VALUE[:VALUE...]

  Example

  targetNodeId:eq:#
  Get upload shares where targetNodeId equals #.

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  uploadShareId	Upload Share ID filter	eq	Upload Share ID equals value.	long value
  targetNodeId	Target node ID filter	eq	Target node ID equals value.	long value

  ---

  Sorting:

  Sort string syntax: FIELD_NAME:ORDER
ORDER can be asc or desc.
  Multiple sort criteria are possible.
  Fields are connected via logical conjunction AND.

  Example

  uploadShareId:desc|targetNodeId:asc
  Sort by uploadShareId descending AND targetNodeId ascending.

  Sorting options:

  Expand

  FIELD_NAME	Description
  uploadShareId	Upload Share ID
  targetNodeId	Target node ID

• user.logout

  🚧 Deprecated since v4.12.0

  Description:

  Log out a user.

  Precondition:

  Authenticated user.

  Postcondition:

  • User is logged out
  • Authentication token gets invalidated.

  Further Information:

  None.

• user.pingUser

  Description:

  Test connection to DRACOON Server (while authenticated).

  Precondition:

  Authenticated user.

  Postcondition:

  200 OK with principal information is returned if successful.

  Further Information:

  None.

• user.removeOAuthApproval

  🚀 Since v4.22.0

  Functional Description:

  Delete an OAuth client approval.

  Precondition:

  Authenticated user and valid client ID

  Postcondition:

  OAuth Client approval is revoked.

  Further Information:

  None.

• user.removeOAuthAuthorization

  🚀 Since v4.12.0

  Description:

  Delete an authorization.

  Precondition:

  Authenticated user and valid client ID, authorization ID

  Postcondition:

  Authorization is revoked.

  Further Information:

  None.

• user.removeOAuthAuthorizations

  Description:

  Delete all authorizations of a client.

  Precondition:

  Authenticated user and valid client ID

  Postcondition:

  All authorizations for the client are revoked.

  Further Information:

  None.

• user.removeProfileAttribute

  🚀 Since v4.7.0

  Description:

  Delete custom user profile attribute.

  Precondition:

  None.

  Postcondition:

  Custom user profile attribute is deleted.

  Further Information:

  Allowed characters for keys are: [a-zA-Z0-9_-]

• user.removeUserKeyPair

  Description:

  Delete user key pair.

  Precondition:

  Authenticated user.

  Postcondition:

  Key pair is deleted.

  Further Information:

  If parameter version is not set and two key versions exist, this API deletes version A.
  If two keys with the same version are set, this API deletes the older one.

  This will also remove all file keys that were encrypted with the user public key. If the user had exclusive access to some files, those are removed as well since decrypting them became impossible.

• user.requestAvatar

  🚀 Since v4.11.0

  Description:

  Get the avatar.

  Precondition:

  Authenticated user.

  Postcondition:

  Avatar is returned.

  Further Information:

  None.

• user.requestCustomerInfo

  Description:

  Use this API to get:

  • customer name
  • used / free space
  • used / available
  • user account info

  of the according customer.

  Precondition:

  Authenticated user.

  Postcondition:

  Customer information is returned.

  Further Information:

  None.

• user.requestCustomerKeyPair

  🚧 Deprecated since v4.24.0

  Use GET /settings/keypair API

  Description:

  Retrieve the customer rescue key pair.

  Precondition:

  Authenticated user.

  Postcondition:

  Key pair is returned.

  Further Information:

  The private key is password-based encrypted with AES256 / PBKDF2.

• user.requestListOfNotificationConfigs

  🚀 Since v4.20.0

  Description:

  Retrieve a list of notification configurations for current user.

  Precondition:

  Authenticated user.

  Postcondition:

  List of available notification configurations is returned.

  Further Information:

  None.

• user.requestOAuthApprovals

  🚀 Since v4.22.0

  Functional Description:

  Retrieve information about all OAuth client approvals.

  Precondition:

  Authenticated user.

  Postcondition:

  None.

  Further Information:

  None.

  Sorting:

  Sort string syntax: FIELD_NAME:ORDER
ORDER can be asc or desc.
  Multiple sort criteria are possible.
  Fields are connected via logical conjunction AND.

  Example

  clientName:desc
  Sort by clientName descending.

  Sorting options:

  Expand

  FIELD_NAME	Description
  clientName	Client name

• user.requestOAuthAuthorizations

  Description:

  Retrieve information about all OAuth client authorizations.

  Precondition:

  Authenticated user.

  Postcondition:

  List of OAuth client authorizations is returned.

  Further Information:

  Filtering:

  Filter string syntax: FIELD_NAME:OPERATOR:VALUE[:VALUE...]

  Example

  isStandard:eq:true
  Get standard OAuth clients.

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  isStandard	Standard client filter	eq		true or false

  ---

  Sorting:

  Sort string syntax: FIELD_NAME:ORDER
ORDER can be asc or desc.
  Multiple sort criteria are possible.
  Fields are connected via logical conjunction AND.

  Example

  clientName:desc
  Sort by clientName descending.

  Sorting options:

  Expand

  FIELD_NAME	Description
  clientName	Client name

• user.requestProfileAttributes

  🚀 Since v4.7.0

  Description:

  Retrieve a list of user profile attributes.

  Precondition:

  None.

  Postcondition:

  List of attributes is returned.

  Further Information:

  Filtering:

  All filter fields are connected via logical conjunction (AND)
  Filter string syntax: FIELD_NAME:OPERATOR:VALUE[:VALUE...]

  Example

  key:cn:searchString_1|value:cn:searchString_2
  Filter by attribute key contains searchString_1 AND attribute value contains searchString_2.

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  key	User profile attribute key filter	cn, eq, sw	Attribute key contains / equals / starts with value.	search String
  value	User profile attribute value filter	cn, eq, sw	Attribute value contains / equals / starts with value.	search String

  ---

  Sorting:

  Sort string syntax: FIELD_NAME:ORDER
ORDER can be asc or desc.
  Multiple sort fields are supported.

  Example

  key:asc|value:desc
  Sort by key ascending AND by value descending.

  Sorting options:

  Expand

  FIELD_NAME	Description
  key	User profile attribute key
  value	User profile attribute value

• user.requestUserInfo

  Description:

  Retrieves all information regarding the current user's account.

  Precondition:

  Authenticated user.

  Postcondition:

  User information is returned.

  Further Information:

  Setting the query parameter more_info to true, causes the API to return more details e.g. the user's groups.

  customer (CustomerData) attribute in UserAccount response model is deprecated. Please use response from GET /user/account/customer instead.

• user.requestUserKeyPair

  Description:

  Retrieve the user key pair.

  Precondition:

  Authenticated user.

  Postcondition:

  Key pair is returned.

  Further Information:

  The private key is password-based encrypted with AES256 / PBKDF2.

• user.requestUserKeyPairs

  🚀 Since v4.24.0

  Description:

  Retrieve all user key pairs to allow re-encrypting file keys without need for a second distributor.

  Precondition:

  Authenticated user.

  Postcondition:

  List of key pairs is returned.

  Further Information:

  None.

• user.resetAvatar

  🚀 Since v4.11.0

  Description:

  Reset (custom) avatar to default avatar.

  Precondition:

  Authenticated user.

  Postcondition:

  • User's avatar gets deleted.
  • Default avatar is set.

  Further Information:

  None.

• user.setProfileAttributes

  🚧 Deprecated since v4.12.0

  Description:

  Set custom user profile attributes.

  Precondition:

  None.

  Postcondition:

  Custom user profile attributes are set.

  Further Information:

  Batch function.
  All existing user profile attributes will be deleted.

  • Allowed characters for keys are: [a-zA-Z0-9_-]
  • Characters are case-insensitive
  • Maximum key length is 255
  • Maximum value length is 4096
• user.setUserKeyPair

  Description:

  Set the user key pair.

  Precondition:

  Authenticated user.

  Postcondition:

  Key pair is set.

  Further Information:

  Overwriting an existing key pair is NOT possible.
  Please delete the existing key pair first.
  The private key is password-based encrypted with AES256 / PBKDF2.

• user.subscribeDownloadShare

  🚀 Since v4.20.0

  Description:

  Subscribe Download Share for notifications.

  Precondition:

  User with "manage download share" permissions on target node.

  Postcondition:

  Download Share is subscribed.
  Notifications for this Download Share will be triggered in the future.

  Further Information:

  None.

• user.subscribeDownloadShares

  🚀 Since v4.25.0

  Description:

  Subscribe/Unsubscribe download shares for notifications.

  Precondition:

  User with "manage download share" permissions on target node.

  Postcondition:

  Download shares are subscribed or unsubscribed. Notifications for these download shares will be triggered in the future.

  Further Information:

  Maximum number of subscriptions is 200.

• user.subscribeNode

  🚀 Since v4.20.0

  Description:

  Subscribe node for notifications.

  Precondition:

  User has "read" permissions in auth parent room.

  Postcondition:

  Node is subscribed. Notifications for this node will be triggered in the future.

  Further Information:

  None.

• user.subscribeUploadShare

  🚀 Since v4.24.0

  Description:

  Subscribe Upload Share for notifications.

  Precondition:

  User with "manage upload share" permissions on target node.

  Postcondition:

  Upload Share is subscribed.
  Notifications for this Upload Share will be triggered in the future.

  Further Information:

  None.

• user.subscribeUploadShares

  🚀 Since v4.25.0

  Description:

  Subscribe/Unsubscribe upload shares for notifications.

  Precondition:

  User with "manage upload share" permissions on target node.

  Postcondition:

  Upload shares are subscribed or unsubscribed. Notifications for these upload shares will be triggered in the future.

  Further Information:

  Maximum number of subscriptions is 200.

• user.unsubscribeDownloadShare

  🚀 Since v4.20.0

  Description:

  Unsubscribe Download Share from notifications.

  Precondition:

  User with "manage download share" permissions on target node.

  Postcondition:

  Download Share is unsubscribed.
  Notifications for this Download Share are disabled.

  Further Information:

  None.

• user.unsubscribeNode

  🚀 Since v4.20.0

  Description:

  Unsubscribe node from notifications.

  Precondition:

  User has "read" permissions in auth parent room.

  Postcondition:

  Node is unsubscribed.
  Notifications for this node are disabled.

  Further Information:

  None.

• user.unsubscribeUploadShare

  🚀 Since v4.24.0

  Description:

  Unsubscribe Upload Share from notifications.

  Precondition:

  User with "manage upload share" permissions on target node.

  Postcondition:

  Upload Share is unsubscribed.
  Notifications for this Upload Share are disabled.

  Further Information:

  None.

• user.updateNodeSubscriptions

  🚀 Since v4.25.0

  Description:

  Subscribe/Unsubscribe nodes for notifications.

  Precondition:

  User has "read" permissions in auth parent room.

  Postcondition:

  Nodes are subscribed or unsubscribed. Notifications for these nodes will be triggered in the future.

  Further Information:

  Maximum number of subscriptions is 200.

• user.updateNotificationConfig

  🚀 Since v4.20.0

  Description:

  Update notification configuration for current user.

  Precondition:

  Authenticated user.

  Postcondition:

  Notification configuration is updated.

  Further Information:

  Leave channelIds empty to disable notifications.

• user.updateProfileAttributes

  🚀 Since v4.7.0

  Description:

  Add or edit custom user profile attributes.
  
  🚧 Warning: Please note that the response with HTTP status code 200 (OK) is deprecated and will be replaced with HTTP status code 204 (No content)!
  

  Precondition:

  None.

  Postcondition:

  Custom user profile attributes are added or edited.

  Further Information:

  Batch function.
  If an entry existed before, it will be overwritten.
  Range submodel is never returned.

  • Allowed characters for keys are: [a-zA-Z0-9_-]
  • Characters are case-insensitive
  • Maximum key length is 255
  • Maximum value length is 4096
• user.updateUserAccount

  Description:

  Update current user's account.

  Precondition:

  Authenticated user.

  Postcondition:

  User's account is updated.

  Further Information:

  • All input fields are limited to 150 characters.
  • All characters are allowed.

  customer (CustomerData) attribute in UserAccount response model is deprecated. Please use response from GET /user/account/customer instead.

• user.uploadAvatarAsMultipart

  🚀 Since v4.11.0

  Description:

  Change the avatar.

  Precondition:

  Authenticated user.

  Postcondition:

  Avatar is changed.

  Further Information:

  • Media type MUST be jpeg or png
  • File size MUST bei less than 5 MB
  • Dimensions MUST be 256x256 px
• user.useEmergencyCode

  🚀 Since v4.37.0

  Description:

  Using emergency code for login

  Precondition:

  User has MFA enabled and is already logged in with account/pw (aka pre-Auth-Role)

  Postcondition:

  All MFA-setups for the user are deleted.

  Further Information:

• users.createUser

  Description:

  Create a new user.

  Precondition:

  Right 🔓 change users required.

  Postcondition:

  New user is created.

  Further Information:

  • If a user should NOT expire, leave expireAt empty.
  • All input fields are limited to 150 characters
  • Forbidden characters in first or last name: [<, >]
  • Forbidden characters in passwords: [&, ', <, >]

  Authentication Method Options:

  Expand

  Authentication Method	Option Key	Option Value
  basic / sql	username	Unique user identifier
  active_directory	ad_config_id (optional)	Active Directory configuration ID
  	username	Active Directory username according to authentication setting userFilter
  radius	username	RADIUS username
  openid	openid_config_id (optional)	OpenID Connect configuration ID
  	username	OpenID Connect username according to authentication setting mappingClaim

• users.removeUser

  Description:

  Delete a user.

  Precondition:

  Right 🔓 delete users required.

  Postcondition:

  User is deleted.

  Further Information:

  User CANNOT be deleted if he is a last room administrator of any room.

• users.removeUserAttribute

  Description:

  Delete custom user attribute.

  Precondition:

  Right 🔓 change users required.

  Postcondition:

  Custom user attribute is deleted.

  Further Information:

  • Allowed characters for keys are: [a-zA-Z0-9_-]
  • Characters are case-insensitive.
• users.requestEmergencyMfaCode

  🚀 Since v4.37.0

  Description:

  Request emergency MFA code for a specific user.

  Precondition:

  Right 🔓 change users required.

  Postcondition:

  Emergency MFA code is returned.

  Further Information:

  Emergency code can be used instead of standard MFA authentication to disable all MFA setups.

• users.requestLastAdminRoomsUsers

  🚀 Since v4.10.0

  Description:

  Retrieve a list of all rooms where the user is last admin (except homeroom and its subordinary rooms).

  Precondition:

  Right 🔓 change users required.

  Postcondition:

  List of rooms is returned.

  Further Information:

  An empty list is returned if no rooms were found where the user is last admin.

• users.requestUser

  Description:

  Retrieve detailed information about a single user.

  Precondition:

  Right 🔓 read users required.

  Postcondition:

  User information is returned.

  Further Information:

  None.

  Authentication Method Options:

  Expand

  Authentication Method	Option Key	Option Value
  basic / sql	username	Unique user identifier
  active_directory	ad_config_id (optional)	Active Directory configuration ID
  	username	Active Directory username according to authentication setting userFilter
  radius	username	RADIUS username
  openid	openid_config_id (optional)	OpenID Connect configuration ID
  	username	OpenID Connect username according to authentication setting mappingClaim

• users.requestUserAttributes

  🚀 Since v4.12.0

  Description:

  Retrieve a list of user attributes.

  Precondition:

  None.

  Postcondition:

  List of attributes is returned.

  Further Information:

  Filtering:

  All filter fields are connected via logical conjunction (AND)
  Filter string syntax: FIELD_NAME:OPERATOR:VALUE[:VALUE...]

  Example

  key:cn:searchString_1|value:cn:searchString_2
  Filter by attribute key contains searchString_1 AND attribute value contains searchString_2.

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  key	User attribute key filter	cn, eq, sw	Attribute key contains / equals / starts with value.	search String
  value	User attribute value filter	cn, eq, sw	Attribute value contains / equals / starts with value.	search String

  ---

  Sorting:

  Sort string syntax: FIELD_NAME:ORDER
ORDER can be asc or desc.
  Multiple sort fields are supported.

  Example

  key:asc|value:desc
  Sort by key ascending AND by value descending.

  Sorting options:

  Expand

  FIELD_NAME	Description
  key	User attribute key
  value	User attribute value

• users.requestUserGroups

  Description:

  Retrieves a list of groups a user is member of and / or can become a member.

  Precondition:

  Right 🔓 read users required.

  Postcondition:

  List of groups is returned.

  Further Information:

  Filtering:

  All filter fields are connected via logical conjunction (AND)
  Filter string syntax: FIELD_NAME:OPERATOR:VALUE

  Example

  isMember:eq:false|name:cn:searchString
  Get all groups that the user is NOT member of AND whose name is like searchString.

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  name	Group name filter	cn	Group name contains value.	search String
  isMember	Filter the groups which the user is (not) member of	eq		true false any default: true

• users.requestUserRoles

  Description:

  Retrieve a list of all roles granted to a user.

  Precondition:

  Right 🔓 read users required.

  Postcondition:

  List of granted roles is returned.

  Further Information:

  None.

• users.requestUsers

  Description:

  Returns a list of DRACOON users.

  Precondition:

  Right 🔓 read users required.

  Postcondition:

  List of users is returned.

  Further Information:

  Filtering:

  All filter fields are connected via logical conjunction (AND)
  Except for login, firstName and lastName - these are connected via logical disjunction (OR)
  Filter string syntax: FIELD_NAME:OPERATOR:VALUE[:VALUE...]

  Example

  login:cn:searchString_1|firstName:cn:searchString_2|lockStatus:eq:2
  Filter users by login contains searchString_1 OR firstName contains searchString_2 AND those who are NOT locked.

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  email	Email filter	eq, cn	Email contains value.	search String
  userName	User name filter	eq, cn	UserName contains value.	search String
  firstName	User first name filter	cn	User first name contains value.	search String
  lastName	User last name filter	cn	User last name contains value.	search String
  isLocked	User lock status filter	eq		true or false
  effectiveRoles	Filter users with DIRECT or DIRECT AND EFFECTIVE roles false: DIRECT roles true: DIRECT AND EFFECTIVE roles DIRECT means: e.g. user gets role directly granted from someone with grant permission right. EFFECTIVE means: e.g. user gets role through group membership.	eq		true or false default: false
  createdAt	Creation date filter	ge, le	Creation date is greater / less equals than value. Multiple operator values are allowed and will be connected via logical conjunction (AND). e.g. createdAt:ge:2016-12-31|createdAt:le:2018-01-01	Date (yyyy-MM-dd)
  phone	Phone filter	eq	Phone equals value.	search String
  isEncryptionEnabled	Encryption status filter client-side encryption private key possession	eq		true or false
  hasRole	User role filter Depends on effectiveRoles. For more Roles information please call GET /roles API	eq, neq	User role equals value.	CONFIG_MANAGER - Manage global configs USER_MANAGER - Manage Users GROUP_MANAGER - Manage User-Groups ROOM_MANAGER - Manage top level Data Rooms LOG_AUDITOR - Read logs NONMEMBER_VIEWER - View users and groups when having room manage permission USER - Regular User role GUEST_USER - Guest User role

  Deprecated filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  lockStatus	User lock status filter	eq	User lock status equals value.	0 - Locked 1 - Web access allowed 2 - Web and mobile access allowed
  login	User login filter	cn	User login contains value.	search String

  ---

  Sorting:

  Sort string syntax: FIELD_NAME:ORDER
ORDER can be asc or desc.
  Multiple sort fields are supported.

  Example

  firstName:asc|lastLoginSuccessAt:desc
  Sort by firstName ascending AND by lastLoginSuccessAt descending.

  Sorting options:

  Expand

  FIELD_NAME	Description
  userName	User name
  email	User email
  firstName	User first name
  lastName	User last name
  isLocked	User lock status
  lastLoginSuccessAt	Last successful login date
  expireAt	Expiration date
  createdAt	Creation date

  Deprecated sorting options:

  Expand

  FIELD_NAME	Description
  gender	Gender
  lockStatus	User lock status
  login	User login

• users.requestUsersRooms

  🚧 Deprecated since v4.10.0

  Description:

  Retrieves a list of rooms granted to the user and / or that can be granted.

  Precondition:

  Right 🔓 read users required.

  Postcondition:

  List of rooms is returned.

  Further Information:

  Filtering:

  All filter fields are connected via logical conjunction (AND)
  Filter string syntax: FIELD_NAME:OPERATOR:VALUE

  Example

  isGranted:eq:true|isLastAdmin:eq:true|name:cn:searchString
  Get all rooms that the user is granted AND is last admin AND whose name is like searchString.

  Filtering options:

  Expand

  FIELD_NAME	Filter Description	OPERATOR	Operator Description	VALUE
  name	Room name filter	cn	Room name contains value.	search String
  isGranted	Filter the rooms which the user is (not) granted.	eq		true false any default: true
  isLastAdmin	Filter the rooms which the user is last room administrator. Only in connection with isGranted:eq:true filter possible.	eq		true
  effectivePerm	Filter rooms with DIRECT or DIRECT AND EFFECTIVE permissions false: DIRECT permissions true: DIRECT AND EFFECTIVE permissions any: DIRECT AND EFFECTIVE AND OVER GROUP permissions DIRECT means: e.g. room administrator grants read permissions to group of users directly on desired room. EFFECTIVE means: e.g. group of users gets read permissions on desired room through inheritance. OVER GROUP means: e.g. user gets read permissions on desired room through group membership.	eq		true false any default: false

• users.setUserAttributes

  🚧 Deprecated since v4.28.0

  Description:

  Set custom user attributes.

  Precondition:

  Right 🔓 change users required.

  Postcondition:

  Custom user attributes are set.

  Further Information:

  Batch function.
  All existing user attributes will be deleted.

  • Allowed characters for keys are: [a-zA-Z0-9_-]
  • Characters are case-insensitive.
• users.updateUser

  Description:

  Update user's metadata.

  Precondition:

  Right 🔓 change users required.

  Postcondition:

  User's metadata is updated.

  Further Information:

  • If a user should NOT expire, leave expireAt empty.
  • All input fields are limited to 150 characters
  • All characters are allowed.

  Authentication Method Options:

  Expand

  Authentication Method	Option Key	Option Value
  basic / sql	username	Unique user identifier
  active_directory	ad_config_id (optional)	Active Directory configuration ID
  	username	Active Directory username according to authentication setting userFilter
  radius	username	RADIUS username
  openid	openid_config_id (optional)	OpenID Connect configuration ID
  	username	OpenID Connect username according to authentication setting mappingClaim

• users.updateUserAttributes

  Description:

  Add or edit custom user attributes.
  
  🚧 Warning: Please note that the response with HTTP status code 200 (OK) is deprecated and will be replaced with HTTP status code 204 (No content)!
  

  Precondition:

  Right 🔓 change users required.

  Postcondition:

  Custom user attributes gets added or edited.

  Further Information:

  Batch function.
  If an entry exists before, it will be overwritten.

  • Allowed characters for keys are: [a-zA-Z0-9_-]
  • Characters are case-insensitive.
• openapi.previewSpec

  Preview an OpenAPI document before adding it as a source

• openapi.addSource

  Add an OpenAPI source and register its operations as tools