References API
Overview
References (refs) are shareable tokens for various workflows including file sharing, email verification, password reset, and invitations. They support configurable expiration, usage limits, and access levels.
Endpoints
List References
GET /api/refs
List references for the current tenant.
Authentication: Required
Query Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
type |
string | No | Filter by type (e.g., share.file, email-verify) |
filter |
string | No | Status filter: active, used, expired, all (default: active) |
resourceId |
string | No | Filter by resource ID (e.g., file ID) |
Response:
Example:
Create Reference
POST /api/refs
Create a new reference token.
Authentication: Required
Request:
| Field | Type | Required | Description |
|---|---|---|---|
type |
string | Yes | Reference type |
description |
string | No | Human-readable description |
expiresAt |
number | No | Expiration timestamp (Unix seconds) |
count |
number/null | No | Usage count: omit for 1, null for unlimited, or number |
resourceId |
string | No | Resource ID (required for share.file) |
accessLevel |
string | No | Access level: read or write (default: read) |
Response:
Example:
Get Reference
GET /api/refs/{refId}
Get details of a specific reference. Returns full details if authenticated, minimal details (only refId and type) if not.
Authentication: Optional
Path Parameters:
| Parameter | Type | Description |
|---|---|---|
refId |
string | Reference ID |
Response (authenticated):
Response (unauthenticated):
Delete Reference
DELETE /api/refs/{refId}
Delete/revoke a reference. The reference will immediately become invalid.
Authentication: Required
Path Parameters:
| Parameter | Type | Description |
|---|---|---|
refId |
string | Reference ID to delete |
Response:
Guest Access with References
References can be used to grant guest access to resources without requiring authentication.
Exchange Reference for Access Token
GET /api/auth/access-token
Exchange a reference for a scoped access token. This enables unauthenticated users to access shared resources.
Authentication: None
Query Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
ref |
string | Yes | Reference ID |
Response:
Example:
Reference Types
| Type | Description | Requires resourceId |
|---|---|---|
share.file |
File sharing link | Yes |
email-verify |
Email verification | No |
password-reset |
Password reset link | No |
invite |
User invitation | No |
welcome |
Welcome/onboarding link | No |
Usage Count Behavior
The count field controls how many times a reference can be used:
| Value | Behavior |
|---|---|
| Omitted | Single use (default = 1) |
null |
Unlimited uses |
| Number | That many uses remaining |
Each use decrements the count. When count reaches 0, the reference becomes invalid.
Access Levels
For share.file references, the accessLevel controls permissions:
| Level | Description |
|---|---|
read |
View-only access (default) |
write |
Edit access to the resource |
Complete File Sharing Example
See Also
- Files API - File management
- Authentication API - Token management
- FSHR Action Token - File sharing actions