This guide details the available RESTful endpoints for managing your LucidLink workspace, structured to show the core functionality and practical application (common use case) for each call.
To ensure secure, programmatic access, all API calls must be authorized using a secret key generated from a dedicated Service Account. This feature is available to customers on any Business or Enterprise plan.
Core Functionality & Value Proposition (The 'Why')
The LucidLink Self-Hosted API provides full administrative control over your workspace through standard RESTful endpoints. This enables you to manage critical components like Filespaces, Members, Groups, and Permissions using scripts or external applications, achieving deep integration with your existing IT infrastructure.
The API shifts administrative work from manual, repetitive tasks to fast, repeatable, and scalable automation. Here are the key benefits and automation use cases:
| Automation Scenario | API Endpoints Used | Value for Customers |
|---|---|---|
| Onboarding/Offboarding | POST /members, POST /groups, PUT /groups/members, DELETE /members | Seamless integration with existing Identity Management (IDM) or HR systems. When a new employee is added, a script automatically creates their account, adds them to the correct groups (e.g., 'VFX_Team'), and grants baseline filespace access. Offboarding automatically revokes access. |
| Filespace Provisioning | POST /filespaces, POST /permissions | Standardized and rapid deployment of project filespaces. Automatically spin up a new project filespace, assign a default set of users/groups, and apply required permissions with a single script. |
| Regular Auditing & Reporting | GET /filespaces, GET /members, GET /groups/{groupId}/members, GET /filespaces/{filespaceId}/permissions | Maintain compliance and security. Regularly check and report on who has access to which filespaces. Identify stale accounts or groups for cleanup. |
| Mass Group/Member Updates | PATCH /groups/{groupId}, PUT /groups/members | Efficient bulk administration. Quickly rename a group, or add hundreds of users to a new project group with a single API call, instead of manual clicking. |
Endpoints: Workspace & Filespace Management
This section covers the core storage resource—the Filespace—and the endpoints used to manage its lifecycle.
| HTTP Method | Endpoint | Functionality & Common Use Case |
|---|---|---|
| GET | /api/v1/filespaces | Lists all filespaces in the workspace. Use for inventory and auditing of all active project spaces. |
| POST | /api/v1/filespaces | Creates a new filespace. Use for automated provisioning of a new project space via script. |
| GET | /api/v1/filespaces/{filespaceId} | Retrieves detailed information for a single filespace. Use for checking the status or specific details of a project. |
| PATCH | /api/v1/filespaces/{filespaceId} | Updates the name of a filespace. Use for correcting a naming convention error. |
| DELETE | /api/v1/filespaces/{filespaceId} | Deletes a filespace. Use with caution for decommissioning an old project space. |
Common Scenario: Creating a New Project Filespace
Automate the creation of a new filespace named project-alpha.
# Replace <BEARER_TOKEN> with your actual Authorization token
curl -i -X POST 'http://localhost:3003/api/v1/filespaces' \
-H 'Authorization: Bearer <BEARER_TOKEN>' \
-H 'Content-Type: application/json' \
-d '{
"name": "project-alpha",
"region": "us-east-1",
"storageProvider": "AWS",
"storageOwner": "lucidlink"
}'
Endpoints: Members & Groups Management
These endpoints handle user access and organize users for easier permission assignment.
Members Endpoints
| HTTP Method | Endpoint | Functionality & Common Use Case |
|---|---|---|
| POST | /api/v1/members | Adds a new member (user) to the workspace. Use for automated user onboarding via an integration script. |
| GET | /api/v1/members | Lists all members in the workspace. Use for auditing all current users. |
| GET | /api/v1/members/{memberId} | Retrieves detailed information for a single member. Use for auditing a specific user. |
| PATCH | /api/v1/members/{memberId} | Updates a member's role (e.g., from 'User' to 'Admin'). Use for elevating a user's privileges. |
| DELETE | /api/v1/members/{memberId} | Removes a member from the workspace. Use for automated user offboarding/access revocation. |
| GET | /api/v1/members/{memberId}/groups | Lists all groups a specific member belongs to. Use for troubleshooting a member's access permissions. |
Endpoints: Groups
| HTTP Method | Endpoint | Functionality & Common Use Case |
|---|---|---|
| POST | /api/v1/groups | Creates a new group in the workspace. Use for provisioning a new team or department (e.g., "Video_Editors") that needs a specific set of resource access. |
| GET | /api/v1/groups | Gets a list of all workspace groups. Use for displaying all available groups for management or reporting. |
| GET | /api/v1/groups/{groupId} | Gets a workspace group by principalId. Use for retrieving specific details of a known group. |
| PATCH | /api/v1/groups/{groupId} | Updates group properties. Use for renaming a group (e.g., from "Marketing" to "Creative_Team"). |
| DELETE | /api/v1/groups/{groupId} | Removes a group from the workspace. Use for decommissioning a project or team. |
| GET | /api/v1/groups/{groupId}/members | Gets a list of members in the given group. Use for auditing which users are currently part of a specific group. |
| PUT | /api/v1/groups/members | Bulk adds members to groups. Use for onboarding a large number of new employees by assigning multiple users to various groups simultaneously. |
| PUT | /api/v1/groups/{groupId}/members/{memberId} | Adds a single member to a group. Use for adding a single new user to an existing group after they've been provisioned. |
| DELETE | /api/v1/groups/{groupId}/members/{memberId} | Removes a member from a group. Use for offboarding a user or removing a user's access. |
Common Scenario: Bulk Onboarding and Group Assignment
This example shows adding a new member to the workspace and subsequently adding them to a 'Marketing' group (assuming the group already exists).
cURL Snippet (Add Member to Workspace):
curl -i -X POST 'http://localhost:3003/api/v1/members' \
-H 'Authorization: Bearer <BEARER_TOKEN>' \
-H 'Content-Type: application/json' \
-d '{
"email": "johnDoe@email.com"
}'
# Response will include the new memberId (principalId)
cURL Snippet (Add Member to ‘Marketing’ Group):
curl -i -X PUT 'http://localhost:3003/api/v1/groups/members' \
-H 'Authorization: Bearer <BEARER_TOKEN>' \
-H 'Content-Type: application/json' \
-d '{
"memberships": [
{
"groupId": "<GROUP_ID>",
"memberId": "<MEMBER_ID>"
}
]
}'
Endpoints: Permissions
This is the control layer for specifying who (memberId or groupId) has what level of access to a specific Filespace.
| HTTP Method | Endpoint | Functionality & Common Use Case |
|---|---|---|
| POST | /api/v1/filespaces/{filespaceId}/permissions | Grants a new permission (e.g., Read/Write) for a principal (Member or Group) on a filespace. Use for setting initial access control after filespace creation. |
| GET | /api/v1/filespaces/{filespaceId}/permissions | Lists all granted permissions for a specific filespace. Use for auditing access for a specific project. |
| PATCH | /api/v1/filespaces/{filespaceId}/permissions/{permissionId} | Updates an existing permission (e.g., changing 'Read' to 'Read/Write'). Use for adjusting a team's level of access mid-project. |
| DELETE | /api/v1/filespaces/{filespaceId}/permissions/{permissionId} | Revokes an existing permission. Use for removing a user's or group's access to a filespace. |
Common Scenario: Granting Access to a Group
After creating a filespace, grant the 'Marketing' group Read-Only access.
cURL Snippet (Grant Permission):
# Grant Read access to Group G-123 on Filespace F-789
curl -i -X POST 'http://localhost:3003/api/v1/filespaces/<FILESPACE_ID>/permissions' \
-H 'Authorization: Bearer <BEARER_TOKEN>' \
-H 'Content-Type: application/json' \
-d '{
"path": "/",
"permissions": [
"read"
],
"principalId": "<GROUP_ID>"
}'
System and Utility Endpoints
These endpoints support the operation and configuration of the API service.
| HTTP Method | Endpoint | Functionality & Common Use Case |
|---|---|---|
| GET | /api/v1/health | Checks if the LucidAPI instance is responsive. Used by monitoring systems (e.g., Nagios, Zabbix) to confirm the API service is up and running. |
| GET | /api/v1/providers | Gets available storage providers in JSON format. Used to dynamically populate dropdown menus to ensure the user only selects valid storage combinations when creating a filespace. |
cURL Snippet (Health Check):
curl -i -X GET 'http://localhost:3003/api/v1/health'cURL Snippet (Providers):
curl -i -X GET 'http://localhost:3003/api/v1/providers' \
-H 'Authorization: Bearer <BEARER_TOKEN>'Directory Management API
The Directory Management API is a significant enhancement that elevates the functionality currently available within the LucidLink client application, translating it into a robust, programmatic interface for developers. This API is specifically designed to allow software engineers and system administrators to seamlessly integrate directory management operations into their custom applications, scripts, and workflows.
This new API exposes a rich set of core capabilities necessary for complete directory lifecycle management within the LucidLink filespace. Specifically, it provides the fundamental building blocks to programmatically manage directories with precision and efficiency.
Core API Capabilities
The Directory Management API provides the following essential endpoints:
| Capability | Description |
|---|---|
| Create Directory | Allows developers to programmatically create new directories at any specified path within the LucidLink filespace. This function is critical for automated provisioning and file structure setup. |
| Delete Directory | Provides the ability to permanently remove an existing directory. This operation is designed to support automated cleanup and decommissioning of unused or temporary file structures. |
| List Directory Contents | Enables the retrieval of an itemized list of all files and subdirectories contained within a specified directory path. This is vital for navigating the filespace, synchronization, and generating file manifests. The listing can include essential metadata for each entry. |
| Resolve Path to ID | A utility function that accepts a human-readable file path (e.g., /projects/alpha/data) and efficiently resolves it to the system's unique internal identifier (ID). This is essential for subsequent API calls that require an entry ID for maximum performance and stability. |
| Get Entry Info by ID | Allows for the retrieval of comprehensive metadata and status information for a specific directory or file, using its unique internal ID. This bypasses path resolution, offering the quickest way to access details such as creation date, modification time, size (for files), and permissions. |
Deployment and Architecture:
Adherence to Zero-Knowledge Policy
In alignment with the foundational security and privacy principles of LucidLink, particularly the commitment to a zero-knowledge policy, the Directory Management API endpoint will not be hosted or managed by LucidLink's infrastructure.
Endpoints: Directory management
| HTTP Method | Endpoint | Functionality & Common Use Case |
| POST | /api/v1/filespaces/{filespaceId}/entries | Create directory |
| GET | /api/v1/filespaces/{filespaceId}/entries/resolve | Returns entry information for a filesystem path within the filespace. |
| GET | /api/v1/filespaces/{filespaceId}/entries/{entryId}/children | Returns a paginated list of entries within the specified directory. |
| GET | /api/v1/filespaces/{filespaceId}/entries/{entryId} | Returns entry information for a filesystem entry ID within the filespace. |
| DELETE | /api/v1/filespaces/{filespaceId}/entries/{entryId} | Deletes a directory from the filespace. Directories must be empty to be deleted. |
Create dir example:
curl -X 'POST' \
'http://localhost:3003/api/v1/filespaces/dcb2e737-1bd7-4a81-bf3b-03f6789bb8a6/entries' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <Bearer_token> -H 'Content-Type: application/json' \
-d '{
"parentId": "4294967294:0",
"name": "myDir",
"type": "dir"
}'List dir example (with default page size):
curl -X 'GET' \
'http://localhost:3003/api/v1/filespaces/dcb2e737-1bd7-4a81-bf3b-03f6789bb8a6/entries/103%3A3/children' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <Bearer_token>List dir example (with explicitly set page size):
curl -X 'GET' \
'http://localhost:3003/api/v1/filespaces/dcb2e737-1bd7-4a81-bf3b-03f6789bb8a6/entries/103%3A3/children?limit=50' \
-H 'accept: application/json' \
-H 'Authorization: <Bearer_token>LucidLink Connect API
The LucidLink Connect API enables the connection of external data stores (such as S3 object storage) and the linking of stored assets directly within the filespace without the need to first download or copy the data into the filespace. Linked assets can then be streamed directly from any compatible LucidLink client (desktop, mobile, web) in the same manner as data added through conventional means.
The Connect API allows integration and automation opportunities for existing data in its native form. This may be from a standalone bucket, or from storage being managed by another service or application. Multiple data sources from multiple different providers can be linked in a single filespace.
Note that only linking is performed via the API - data access itself is achieved through LucidLink client applications.
LucidLink Connect is a purchased add-on available only to LucidLink Enterprise plans.
Core API Capabilities
The LucidLink Connect API provides the following endpoints:
| Capability | Description |
| Create DataStore | Allows the creation of a new DataStore record, necessary for linking of external assets (ExternalEntries) and refresh of linked asset URLs. Requires access credentials with GetObject (or provider equivalent) permissions. |
| List DataStores | Returns an array of all configured DataStores for the specified filespace and their configuration details. |
| DataStore Info | Returns an object with configuration details for the specified filespace ID and DataStore ID. |
| Delete DataStore | Provides the ability to permanently remove an existing DataStore. |
| List ExternalEntries | Returns an object containing a paginated array of ExternalEntry IDs associated with the specified DataStore ID. |
| Create ExternalEntry | Allows creation of a new ExternalEntry from the specified DataStore in the specified filespace. |
| Delete ExternalEntry | Allows deletion of the specified ExternalEntry by ID. |
Due to the fact that assets linked via LucidLink Connect are stored outside of LucidLink in their native format and without client-side encryption, they are not covered by LucidLink’s zero-knowledge guarantees.
This does not mean that LucidLink Connect is insecure - merely that it offers a more relaxed mode of data privacy on par with the data storage providers from whom the data is being streamed.
More explicitly, this means that it is not technically impossible for the external storage provider, or for LucidLink with authorised access, to view or access external entries linked via LucidLink Connect (in contrast with the architecture of our base product). However, LucidLink does not read or download the contents of externally linked storage as part of normal operations.
As a matter of policy, customer file contents are not accessed during day-to-day use of LucidLink Connect. Because LucidLink Connect is not designed to make access to externally linked data cryptographically impossible, LucidLink retains a technical capability to access such data in exceptional circumstances where this is necessary to operate or support the service and where authorised internal access is used. Any such access is subject to LucidLink’s internal security controls, including restricted access, role-based permissions, and logging.
This differs from LucidLink’s standard layout, which is designed to prevent LucidLink from accessing customer data by design. Customers should therefore treat LucidLink Connect as operating under a trusted service-provider model rather than a strict zero-knowledge model.
Endpoints: LucidLink Connect
| HTTP Method | Endpoint | Functionality & Common Use Case |
| POST | /api/v1/filespaces/{filespaceId}/external/data-stores | Create DataStore in the filespace with the specified ID |
| GET | /api/v1/filespaces/{filespaceId}/external/data-stores | Returns an array of DataStores and their configuration details in the filespace with the specified ID |
| GET | /api/v1/filespaces/{filespaceId}/external/data-stores/{dataStoreId} | Returns an object with configuration details for the filespace and DataStore with the specified IDs |
| DELETE | /api/v1/filespaces/{filespaceId}/external/data-stores/{dataStoreId} | Deletes a DataStore with a specified ID from the specified filespace |
| GET | /api/v1/filespaces/{filespaceId}/external/entries/ids | Returns an object containing a paginated array of ExternalEntry IDs associated with the specified DataStore ID |
| POST | /api/v1/filespaces/{filespaceId}/external/entries | Creates an ExternalEntry in the specified filespace |
| DELETE | /api/v1/filespaces/{filespaceId}/external/entries/{entryId} | Deletes the specified ExternalEntry ID from the specified filespace |
Create DataStore example:
curl -X 'POST' \
'http://localhost:3003/api/v1/filespaces/dcb2e737-1bd7-4a81-bf3b-03f6789bb8a6/external/data-stores' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <Bearer_token> -H 'Content-Type: application/json' \
-d '{
"name": "my_bucket",
"kind": "S3DataStore",
"s3StorageParams": {
"accessKey": "AKIAIOSFODNN7EXAMPLE",
"bucketName": "my-company-data",
"region": "us-east-1",
"useVirtualAddressing": true,
"secretKey": "<Secret_key>",
"urlExpirationMinutes": 10080
}
}'List DataStores example:
curl -X 'GET' \ 'http://localhost:3003/api/v1/filespaces/dcb2e737-1bd7-4a81-bf3b-03f6789bb8a6/external/data-stores' \ -H 'accept: application/json' \ -H 'Authorization: Bearer <Bearer_token>
Create ExternalEntry example:
curl -X 'POST' \
'http://localhost:3003/api/v1/filespaces/dcb2e737-1bd7-4a81-bf3b-03f6789bb8a6/external/entries' \
-H 'accept: application/json' \
-H 'Authorization: Bearer <Bearer_token> -H 'Content-Type: application/json' \
-d '{
"path": "/Documents/Project",
"kind": "SingleObjectFile",
"dataStoreId": "string",
"singleObjectFileParams": {
"objectId": "string"
}
}'List ExternalEntry IDs example:
curl -X 'GET' \ 'http://localhost:3003/api/v1/filespaces/dcb2e737-1bd7-4a81-bf3b-03f6789bb8a6/external/entries/ids' \ -H 'accept: application/json' \ -H 'Authorization: <Bearer_token>