openapi: 3.1.0 info: title: File Access Agent API version: 0.1.0 description: > File Access Agent controls access to files stored in bucket / file space. Upload uses Member Center JWT access tokens. Download uses delegated short-lived tokens issued and validated by Member Center. Deployment model is single-tenant per instance, and service is stateless by default without a required DB. servers: - url: http://localhost:5081 description: Local development tags: - name: Files - name: System paths: /files/{objectKey}: put: tags: [Files] summary: Upload file description: > Upload a file through File Access Agent. Requires a Member Center JWT access token with audience `file_access_api`, scope `files:upload.write`, and claim `tenant_id`. security: - BearerAuth: [files:upload.write] parameters: - in: path name: objectKey required: true schema: type: string description: URL-encoded object key - in: header name: X-File-Id required: false schema: type: string requestBody: required: true content: application/octet-stream: schema: type: string format: binary multipart/form-data: schema: type: object required: [file] properties: file: type: string format: binary responses: '201': description: File uploaded content: application/json: schema: $ref: '#/components/schemas/FileObjectResponse' '400': description: Invalid request content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '401': description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '403': description: Forbidden content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '409': description: Conflict content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '413': description: Payload too large content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' get: tags: [Files] summary: Download file description: > Download a file through File Access Agent using a delegated short-lived token previously issued by Member Center. security: - BearerAuth: [files:download.read] parameters: - in: path name: objectKey required: true schema: type: string description: URL-encoded object key responses: '200': description: File stream content: application/octet-stream: schema: type: string format: binary '401': description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '403': description: Forbidden content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '404': description: File not found content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' head: tags: [Files] summary: Check file metadata headers description: > Return file existence and metadata headers without the body. Requires a Member Center JWT access token with scope `files:metadata.read`. security: - BearerAuth: [files:metadata.read] parameters: - in: path name: objectKey required: true schema: type: string responses: '200': description: Metadata headers returned '401': description: Unauthorized '403': description: Forbidden '404': description: File not found delete: tags: [Files] summary: Delete file description: > Delete a file through File Access Agent. Requires a Member Center JWT access token with scope `files:delete`. security: - BearerAuth: [files:delete] parameters: - in: path name: objectKey required: true schema: type: string responses: '204': description: File deleted '401': description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '403': description: Forbidden content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '404': description: File not found content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' /files/metadata/{objectKey}: get: tags: [Files] summary: Get file metadata description: > Read file metadata without returning the file body. Requires a Member Center JWT access token with scope `files:metadata.read`. security: - BearerAuth: [files:metadata.read] parameters: - in: path name: objectKey required: true schema: type: string responses: '200': description: File metadata content: application/json: schema: $ref: '#/components/schemas/FileObjectResponse' '401': description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '403': description: Forbidden content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '404': description: File not found content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' /health: get: tags: [System] summary: Health check responses: '200': description: Service healthy content: application/json: schema: $ref: '#/components/schemas/HealthResponse' components: securitySchemes: BearerAuth: type: http scheme: bearer bearerFormat: JWT or delegated token schemas: FileObjectResponse: type: object required: - tenant_id - object_key - content_type - size - last_modified_at properties: tenant_id: type: string format: uuid file_id: type: string nullable: true object_key: type: string content_type: type: string size: type: integer format: int64 etag: type: string nullable: true last_modified_at: type: string format: date-time ErrorResponse: type: object required: - error - message - request_id properties: error: type: string message: type: string request_id: type: string format: uuid HealthResponse: type: object required: [status] properties: status: type: string example: ok