Decode Container Content

The Decode Container Content endpoint attempts to decrypt and return the original file contents from a secure Locktera container.

All decode requests are evaluated against the container’s current access policies (recipients, time window, IP, geo, and download rules). If access is not permitted, the request is denied.

Endpoint

GET /users/{user_id}/containers/{container_id}/decode/{file_name}

Base URL:

https://share.locktera.com/api/v1

Full request URL example:

https://share.locktera.com/api/v1/users/USER_ID/containers/CONTAINER_ID/decode/{file_name}

Authentication

All requests must include a valid API key in the Authorization header.

Example request:

curl -X GET $BASE_URL/users/USER_ID/containers/CONTAINER_ID/decode/FILE_NAME \
  -H "Authorization: Bearer YOUR_API_KEY"

Path Parameters

container_id
Required. The unique identifier of the container to decode.

Example:

123e4567-e89b-12d3-a456-426614174000

Response (Successful Decode)

If access is permitted, the API returns the decoded content. The returned byte stream will return the decrypted, verified contents that were originally encoded. The response content type will match the content type originally encoded.

Response (Access Denied)

If access is not permitted under current container policies, the API returns 403 Forbidden.

HTTP 403 Forbidden

{
  "error": "access_denied",
  "message": "Access is not permitted under current container policies"
}

Denied decode attempts are recorded in audit logs.

Example Error Responses

HTTP 404 Not Found

{
  "error": "not_found",
  "message": "Container not found"
}

HTTP 401 Unauthorized

{
  "error": "unauthorized",
  "message": "Invalid API key"
}

DRM restrictions not satisfied (example):

{
  "error": "access_denied",
  "message": "Access denied: request does not satisfy container DRM rules"
}

What Happens During Decode

When a decode request is made:

  1. The request is authenticated using the API key

  2. Access rules are evaluated (recipient, time, IP, geo, etc.)

  3. Integrity is verified (tamper detection)

  4. If permitted, decrypted content is returned

  5. An audit event is recorded for the attempt (allowed or denied)

Decryption is only performed after access policies and integrity verification succeed.

Important Notes

• Decode is the only way to retrieve original file contents
• Access is enforced every time, using the current DRM policy
• If DRM rules change, future decode requests may be allowed or denied
• All decode attempts are auditable

Container integrity is verified before decryption to ensure contents have not been modified.

Get Container Metadata

GET /users/{user_id}/containers/{container_id}

Retrieve DRM Policy

GET /users/{user_id}/containers/{container_id}/drm

Update DRM Policy

PATCH /users/{user_id}/containers/{container_id}/drm

Retrieve Audit Events

GET /users/{user_id}/containers/{container_id}/events