Manifest / Access Policies
A manifest defines the access control policies applied to a container.
The manifest is provided when a container is created and determines who can access the container and under what conditions.
The manifest becomes part of the container and travels with it. Access policies remain enforced regardless of storage location or infrastructure.
It is submitted as a manifest.json file when calling the encode endpoint and becomes part of the container.
Purpose of the Manifest
The manifest controls:
• Who can access the container
• When access is allowed
• Where access is allowed from
• Whether content can be downloaded
• Whether access policies can be updated later
These rules are cryptographically enforced whenever a container is accessed.
Basic Manifest Example
{
"org_id": "your_user_id",
"container": {
"name": "example_container",
"recipients": [
"jane.doe@example.com"
],
"downloadable": false,
"drm": {
"dynamic": true
}
}
}
• Is named example_container
• Allows access only to the specified recipient
• Prevents downloading of contents
• Allows access policies to be updated later
Manifest Fields
Container Name
A human-readable name for the container.
Example:
{
"container": {
"name": "financial_report_q2"
}
}
Org ID
Identifies the organization that owns the container.
Example:
{
"org_id": "your_user_id"
}
Recipients
Defines which users are allowed to access the container.
Example:
{
"container": {
"recipients": [
"user1@company.com",
"user2@company.com"
]
}
}
Only listed recipients can access the container.
Downloadable
Controls whether file contents can be downloaded.
Example:
{
"container": {
"downloadable": false
}
}
If set to false, contents may be viewable but not downloadable.
Dynamic Access Policies
Determines whether access policies can be updated after container creation.
Example:
{
"container": {
"drm": {
"dynamic": true
}
}
}
If true, policies can be modified using the DRM API.
If false, access policies cannot be changed.
Optional Access Restrictions
The manifest supports additional restrictions.
Time Restrictions
Limit access to a specific time window.
Example:
{
"container": {
"drm": {
"time": {
"start": "2026-01-01T00:00:00Z",
"end": "2026-02-01T00:00:00Z"
}
}
}
}
Access outside this window is denied.
IP Address Restrictions
Limit access to specific IP addresses.
Example:
{
"container": {
"drm": {
"ip": {
"allow": [
"198.51.100.10"
]
}
}
}
}
Only requests from allowed IP addresses are permitted. Addresses can be specified as ranges (e.g. 192.168.0.1-192.160.0.8) or CIDR notation (e.g. 192.168.0.0/24) as well.
Geographic Restrictions
Restrict access based on location.
Example:
{
"container": {
"drm": {
"geo": {
"block": [
{ "country": "CN" },
{ "country": "RU" }
]
}
}
}
}
Access from blocked countries is denied.
How the Manifest Is Used
The manifest is submitted when creating a container:
POST /users/{user_id}/containers/encode
Example:
curl -X POST $BASE_URL/users/YOUR_USER_ID/containers/encode \
-H "Authorization: Bearer YOUR_API_KEY" \
-F "manifest.json=@manifest.json" \
-F "files=@example.pdf"
The manifest becomes part of the container and is enforced on every access attempt.
Updating Access Policies
If the manifest includes:
{
"drm": {
"dynamic": true
}
}
Access policies can later be updated using:
PATCH /users/{user_id}/containers/{container_id}/drm
If dynamic is false, policies cannot be changed.
Manifest policies cannot be bypassed or overridden by storage systems, network controls, or external applications.
Access Enforcement
Whenever a container is accessed, Locktera evaluates:
• Recipient authorization
• Time restrictions
• IP restrictions
• Geographic restrictions
• Download permissions
If access is not permitted, the request is denied.
Example response:
{
"error": "access_denied",
"message": "Access is not permitted under current container policies"
}
Manifest enforcement occurs before any decryption operation is allowed.
Summary
The manifest defines the access policies for a container.
It controls:
• Who can access the container
• When access is allowed
• Where access is allowed from
• Whether downloading is permitted
• Whether policies can be updated
These policies are cryptographically enforced on every access attempt.
