Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/ankit-bista/Final-Project/llms.txt

Use this file to discover all available pages before exploring further.

Blockchain Drive provides two complementary sharing systems. The first is a classic RBAC model where you grant individual users viewer or editor access to specific files or an entire drive. The second is a smart-contract-backed bulk sharing mechanism that records share grants on-chain, supports optional password protection, and can be revoked at any time. All sharing endpoints require an authenticated session cookie.

RBAC file and drive sharing

These endpoints live alongside the drive and file routes and operate on the application-layer permission model.

POST /share/:id

Grants another user access to a specific file. The caller must be the file owner.
id
number
required
Numeric ID of the file to share.
username
string
required
Username of the recipient.
role
string
required
Access level: viewer (read-only) or editor (read and write).
encryptedKey
string
The file’s encryption key re-encrypted with the recipient’s public key. Required when the file is encrypted and you want the recipient to be able to decrypt it. Retrieve the recipient’s public key first via GET /share-target.
curl -X POST https://api.blockchaindrive.io/share/123 \
  -H "Content-Type: application/json" \
  --cookie "connect.sid=..." \
  -d '{
    "username": "bob_eth",
    "role": "viewer",
    "encryptedKey": "AAAA...base64..."
  }'
Returns HTTP 200 on success (no body). Errors: 400 invalid file ID or role, 404 file or target user not found, 403 contract-enforced access denied.

GET /shared-with-me

Lists all files that other users have shared with the authenticated user via RBAC. 
curl "https://api.blockchaindrive.io/shared-with-me" \
  --cookie "connect.sid=..."
Returns an array of file objects in the same shape as GET /files, augmented with share metadata (role, sharer).

POST /drive/share

Shares the authenticated user’s entire default drive with another user. All files within the drive are shared at once. For encrypted drives, keyShares must contain a re-encrypted key for each file.
username
string
required
Username of the recipient.
role
string
required
Access level: viewer or editor.
keyShares
object
A map of fileId → encryptedKey pairs. Each key is the file’s encryption key re-encrypted with the recipient’s public key. Required for encrypted files; omit for unencrypted drives.
curl -X POST https://api.blockchaindrive.io/drive/share \
  -H "Content-Type: application/json" \
  --cookie "connect.sid=..." \
  -d '{
    "username": "bob_eth",
    "role": "viewer",
    "keyShares": {
      "123": "AAAA...base64...",
      "124": "BBBB...base64..."
    }
  }'
Returns HTTP 200 on success. Errors: 400 missing username or invalid role, 404 recipient not found, 403 contract-enforced denial.

Smart-contract bulk sharing

These endpoints are served under the /api/shares prefix and use an on-chain share registry for auditability and revocation.

POST /api/shares/bulk

Creates a bulk share that grants a single recipient access to multiple files at once. The share is recorded on the Ethereum contract when USE_REAL_CONTRACTS=true.
fileIds
number[]
required
Array of numeric file IDs to include in the share.
recipientAddress
string
required
Ethereum wallet address of the recipient. The recipient must have a Blockchain Drive account.
permissionType
string
Access level: readonly (default) or readwrite.
sharePassword
string
Optional password that the recipient must supply to access the share. The password is stored as a bcrypt hash — never in plaintext.
expiresIn
number
Number of days until the share automatically expires. Omit for no expiry.
curl -X POST https://api.blockchaindrive.io/api/shares/bulk \
  -H "Content-Type: application/json" \
  --cookie "connect.sid=..." \
  -d '{
    "fileIds": [123, 124, 125],
    "recipientAddress": "0xdef789...",
    "permissionType": "readonly",
    "sharePassword": "s3cr3t",
    "expiresIn": 7
  }'
Returns the created share object including shareId, transactionHash, and expiresAt. Errors: 404 recipient not found, 400 invalid file IDs or parameters.

GET /api/shares/received

Lists all bulk shares received by the authenticated user. 
curl "https://api.blockchaindrive.io/api/shares/received" \
  --cookie "connect.sid=..."
Returns an array of share objects:
shareId
string
required
Unique share identifier.
ownerId
number
required
ID of the user who created the share.
fileIds
number[]
required
File IDs included in the share.
permissionType
string
required
readonly or readwrite.
passwordProtected
boolean
required
Whether a password is required to access this share.
expiresAt
string | null
required
ISO 8601 expiry timestamp, or null for no expiry.
revokedAt
string | null
required
ISO 8601 timestamp if the share has been revoked, otherwise null.
accessCount
number
required
Number of times the share has been accessed.
transactionHash
string | null
required
On-chain transaction hash of the share grant.

GET /api/shares/received/:shareId

Verifies and retrieves a specific received share. If the share is password-protected, the correct password must be supplied.
shareId
string
required
Share ID from the share object.
password
string
Required when passwordProtected is true.
curl "https://api.blockchaindrive.io/api/shares/received/abc123?password=s3cr3t" \
  --cookie "connect.sid=..."
Returns { hasAccess: true, ...shareDetails } on success, or { hasAccess: false, error: "..." } with a 403 when access is denied.

GET /api/shares/sent

Lists all bulk shares created by the authenticated user. 
curl "https://api.blockchaindrive.io/api/shares/sent" \
  --cookie "connect.sid=..."
Returns an array of share objects in the same shape as GET /api/shares/received.

POST /api/shares/revoke

Revokes a bulk share, immediately preventing the recipient from accessing it.
shareId
string
required
ID of the share to revoke. The caller must be the share owner.
curl -X POST https://api.blockchaindrive.io/api/shares/revoke \
  -H "Content-Type: application/json" \
  --cookie "connect.sid=..." \
  -d '{"shareId":"abc123"}'

{ "success": true }
Error: 404 if the share does not exist or has already been revoked.
Revocation is immediate and permanent. The recipient loses access as soon as this call returns. A revoked share cannot be reinstated — create a new share instead.

GET /api/shares/stats

Returns aggregate statistics about the authenticated user’s sharing activity. 
curl "https://api.blockchaindrive.io/api/shares/stats" \
  --cookie "connect.sid=..."
Returns a stats object including counts of sent, received, active, and revoked shares.

GET /api/shares/:shareId/check-access

Checks whether the authenticated user currently has access to a share without logging an access event.
shareId
string
required
Share ID to check.
password
string
Required when the share is password-protected.
Returns { hasAccess: boolean, reason?: string }.

GET /api/shares/search

Searches shares visible to the authenticated user (both sent and received) by a keyword query.
q
string
Search term matched against share metadata. Defaults to an empty string (returns all shares).
curl "https://api.blockchaindrive.io/api/shares/search?q=report" \
  --cookie "connect.sid=..."
Returns an array of matching share objects.

Build docs developers (and LLMs) love

Get started for freeTalk to us