Decode Container Content
The Decode Container Content endpoint attempts to decrypt and return the original file contents from a secure Locktera container.
All decode requests are evaluated against the container’s current access policies (recipients, time window, IP, geo, and download rules). If access is not permitted, the request is denied.
Endpoint
GET /users/{user_id}/containers/{container_id}/decode/{file_name}
Base URL:
https://share.locktera.com/api/v1
Full request URL example:
https://share.locktera.com/api/v1/users/USER_ID/containers/CONTAINER_ID/decode/{file_name}
Authentication
All requests must include a valid API key in the Authorization header.
Example request:
curl -X GET $BASE_URL/users/USER_ID/containers/CONTAINER_ID/decode/FILE_NAME \
-H "Authorization: Bearer YOUR_API_KEY"
Path Parameters
container_id
Required. The unique identifier of the container to decode.
Example:
123e4567-e89b-12d3-a456-426614174000
Response (Successful Decode)
If access is permitted, the API returns the decoded content. The returned byte stream will return the decrypted, verified contents that were originally encoded. The response content type will match the content type originally encoded.
Response (Access Denied)
If access is not permitted under current container policies, the API returns 403 Forbidden.
HTTP 403 Forbidden
{
"error": "access_denied",
"message": "Access is not permitted under current container policies"
}
Denied decode attempts are recorded in audit logs.
Example Error Responses
HTTP 404 Not Found
{
"error": "not_found",
"message": "Container not found"
}
HTTP 401 Unauthorized
{
"error": "unauthorized",
"message": "Invalid API key"
}
DRM restrictions not satisfied (example):
{
"error": "access_denied",
"message": "Access denied: request does not satisfy container DRM rules"
}
What Happens During Decode
When a decode request is made:
-
The request is authenticated using the API key
-
Access rules are evaluated (recipient, time, IP, geo, etc.)
-
Integrity is verified (tamper detection)
-
If permitted, decrypted content is returned
-
An audit event is recorded for the attempt (allowed or denied)
Decryption is only performed after access policies and integrity verification succeed.
Important Notes
• Decode is the only way to retrieve original file contents
• Access is enforced every time, using the current DRM policy
• If DRM rules change, future decode requests may be allowed or denied
• All decode attempts are auditable
Container integrity is verified before decryption to ensure contents have not been modified.
Related Endpoints
Get Container Metadata
GET /users/{user_id}/containers/{container_id}
Retrieve DRM Policy
GET /users/{user_id}/containers/{container_id}/drm
Update DRM Policy
PATCH /users/{user_id}/containers/{container_id}/drm
Retrieve Audit Events
GET /users/{user_id}/containers/{container_id}/events
