Encode Container
The Encode Container endpoint creates a secure Locktera container by encrypting one or more files and applying access policies defined in a manifest.
This is the primary method for protecting files using the Locktera CORE API.
Endpoint
POST /users/{user_id}/containers/encode
Base URL:
https://share.locktera.com/api/v1
Full request URL example:
https://share.locktera.com/api/v1/users/USER_ID/containers/encode
Authentication
All requests must include a valid API key:
-H "Authorization: Bearer YOUR_API_KEY"
Authentication is verified before any container encryption or policy application occurs.
Request Format
The request must use multipart/form-data.
Required form fields:
• manifest.json — defines access policies
• files — one or more files to encrypt
Example Manifest
{
"org_id": "your_user_id",
"container": {
"name": "example_container",
"recipients": [
"authorized.user@company.com"
],
"downloadable": false,
"drm": {
"dynamic": true,
"time": {
"start": "2026-01-01",
"end": "2027-01-01"
}
}
}
}
Content-Type: multipart/form-data
Example Request
curl -X POST $BASE_URL/users/YOUR_USER_ID/containers/encode \
-H "Authorization: Bearer YOUR_API_KEY" \
-F "manifest.json=@manifest.json;type=application/json" \
-F "files=@example.pdf;type=application/pdf"
Example Success Response
{
"container": {
"uuid": "123e4567-e89b-12d3-a456-426614174000"
// ...
}
}
The returned container_id uniquely identifies the newly created container.
Your application should store this ID for future operations.
The encoded container is stored as a Locktera container (.tera) and can be safely stored, transferred, or shared.
Example Error Responses
HTTP 401 Unauthorized (invalid API key):
{
"error": "unauthorized",
"message": "Invalid API key"
}
HTTP 403 Forbidden (insufficient permissions):
{
"error": "access_denied",
"message": "You do not have permission to encode containers"
}
HTTP 400 Bad Request:
{
"error": "invalid_request",
"message": "Manifest file is missing or malformed"
}
What Happens During Encoding
When this endpoint is called:
-
Files are encrypted into a secure container
-
Access policies from the manifest are applied.
-
Access policies are cryptographically bound to the container and enforced on all future access attempts.
-
Integrity protection is applied
-
The container is stored securely
-
An audit event is recorded
The resulting container is cryptographically protected and policy-bound.
Notes
• Multiple files can be included in a single container
• File contents cannot be modified after encoding
• Access policies can be updated later only if dynamic is set to true
Next Steps
After encoding a container, you can:
• Retrieve container metadata
• Update access policies
• Decode container contents
• Retrieve audit logs
See the related sections in the Containers, DRM, Decode, and Audit documentation.
