Post Token

This token represents a post created by a user.

The post token must contain a content (c) field. For other constraints see the Action Tokens.

Subtypes indicate the kind of content (encoded in t as POST:SUBTYPE):

Subtype Description
POST or POST:TEXT Text-only post. Content is markdown.
POST:IMG Image post. Content is markdown; attachments (a) hold the image file(s).
POST:VID Video post. Content is markdown; attachments (a) hold the video file(s).
POST:DEL Delete a previous post.

Content-Addressing

This token is content-addressed using SHA-256:

  • The entire JWT token (header + payload + signature) is hashed
  • Action ID format: a1~{base64_hash}
  • Changing any field invalidates the action_id
  • See Content-Addressing & Merkle Trees for details

Immutability: Once created, a POST token cannot be modified without changing its action ID.

Attachments

The a (attachments) field can contain file references:

  • Each entry is a file_id (f1~...)
  • File IDs are content-addressed (SHA256 of file descriptor)
  • Files contain multiple variants (different resolutions)
  • See File Storage for details

Properties:

  • Attachments are cryptographically bound to the post
  • Cannot swap images without breaking the action signature
  • Deduplication: same image in multiple posts = same file_id
  • Federation: remote instances can verify attachment integrity

Database Key

POST has no key_pattern defined, so every post is unique and identified solely by its action ID. Posts are never overridden by subsequent posts (unlike REACT or REPOST, which use a key to dedup/override).

Example

User @someuser.cloudillo.net writes a post on the wall of @somegroup.cloudillo.net, attaching an image:

Field Value
iss someuser.cloudillo.net
aud somegroup.cloudillo.net
iat 2024-04-13T00:00:00.000Z
k 20240109
t POST:IMG
c “Love U All <3”
a [“f1~Qo2E3G8TJZ2HTGhVlrtTDBpvBGOp6gfGhq4QmD6Z46w”]