Encode Container

The Encode Container endpoint creates a secure Locktera container by encrypting one or more files and applying access policies defined in a manifest.

This is the primary method for protecting files using the Locktera CORE API.

Endpoint

POST /users/{user_id}/containers/encode

Base URL:

https://share.locktera.com/api/v1

Full request URL example:

https://share.locktera.com/api/v1/users/USER_ID/containers/encode

Authentication

All requests must include a valid API key:

-H "Authorization: Bearer YOUR_API_KEY"

Authentication is verified before any container encryption or policy application occurs.

Request Format

The request must use multipart/form-data.

Required form fields:

manifest.json — defines access policies
files — one or more files to encrypt

Example Manifest

{
  "org_id": "your_user_id",
  "container": {
    "name": "example_container",
    "recipients": [
      "authorized.user@company.com"
    ],
    "downloadable": false,
    "drm": {
      "dynamic": true,
      "time": {
        "start": "2026-01-01",
        "end": "2027-01-01"
      }
    }
  }
}

Content-Type: multipart/form-data

Example Request

curl -X POST $BASE_URL/users/YOUR_USER_ID/containers/encode \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -F "manifest.json=@manifest.json;type=application/json" \
  -F "files=@example.pdf;type=application/pdf"

Example Success Response

{
  "container": {
    "uuid": "123e4567-e89b-12d3-a456-426614174000"
    // ...
  }
}

The returned container_id uniquely identifies the newly created container.

Your application should store this ID for future operations.

The encoded container is stored as a Locktera container (.tera) and can be safely stored, transferred, or shared.

Example Error Responses

HTTP 401 Unauthorized (invalid API key):

{
  "error": "unauthorized",
  "message": "Invalid API key"
}

HTTP 403 Forbidden (insufficient permissions):

{
  "error": "access_denied",
  "message": "You do not have permission to encode containers"
}

HTTP 400 Bad Request:

{
  "error": "invalid_request",
  "message": "Manifest file is missing or malformed"
}

What Happens During Encoding

When this endpoint is called:

  1. Files are encrypted into a secure container

  2. Access policies from the manifest are applied.

  3. Access policies are cryptographically bound to the container and enforced on all future access attempts.

  4. Integrity protection is applied

  5. The container is stored securely

  6. An audit event is recorded

The resulting container is cryptographically protected and policy-bound.

Notes

• Multiple files can be included in a single container
• File contents cannot be modified after encoding
• Access policies can be updated later only if dynamic is set to true

Next Steps

After encoding a container, you can:

• Retrieve container metadata
• Update access policies
• Decode container contents
• Retrieve audit logs

See the related sections in the Containers, DRM, Decode, and Audit documentation.