Get Started

Locktera protects files by encrypting them into immutable containers that enforce access policies cryptographically at the time of decryption.

This guide will show you how to:

• Authenticate with the Locktera API
• Encrypt a file into a secure container
• Apply access policies
• Retrieve container metadata

This takes approximately 2 minutes.

After completing these steps, your file will be encrypted into a Locktera container (.tera), protected by access policies, and fully auditable.

Prerequisites

Before starting, ensure you have:

• A Locktera account
• Your User ID
An API key
• A test file (example.pdf)

To create an API key:

  1. Log in to the Locktera portal

  2. Navigate to Configuration → API Keys

  3. Select Create API Key

  4. Copy and store the API key securely

API keys inherit your user permissions and are required for all API requests.

Base URL

All Locktera CORE API requests use:

https://share.locktera.com/api/v1

All requests must be made over HTTPS.

You may optionally define a variable:

BASE_URL=https://share.locktera.com/api/v1

Authentication

All requests must include your API key in the Authorization header using Bearer authentication.

Header format:

Authorization: Bearer YOUR_API_KEY

Verify your API key:

curl https://share.locktera.com/api/v1/me \
  -H "Authorization: Bearer YOUR_API_KEY"

Example response:

{
  "id": "123e4567-e89b-12d3-a456-426614174001",
  "role": "user",
  "root_org_id": "123e4567-e89b-12d3-a456-426614174000",
  "created_date": "2026-02-20T21:15:08.855Z",
  "email": "hello@example.com",
  "first_name": "string",
  "last_name": "string",
  "mobile_phone": "string"
  // ...
}

Configure Private Cloud Storage

Locktera uses a Bring Your Own Storage (BYOS) model.

Encrypted containers are stored directly in your private cloud storage, while Locktera manages encryption, access control, and authorization.

Locktera supports:

• Microsoft Azure Blob Storage
• AWS S3
• Google Cloud Storage
• Akamai Object Storage
• Wasabi
• Any S3-compatible storage

Before encrypting files, configure a storage location where encrypted containers will be written.

See the Storage Configuration User Guide for setup instructions:

Azure Blob Storage
AWS Storage
Google Cloud Storage
Akamai Storage
Wasabi

Encode Your First Container

Create a manifest file defining access policies.

Example manifest.json:

{
  "container": {
    "name": "example_container",
    "recipients": [
      "jane.doe@example.com",
      "john.doe@example.com"
    ],
    "downloadable": true,
    "password": "secret",
    "drm": {
      "dynamic": true,
      "geo": {
        "allow": [
          {
            "country": "USA"
          }
        ]
      },
      "time": {
        "start": "2026-01-01",
        "end": "2027-01-01"
      }
    }
  }
}

The encode endpoint accepts multipart/form-data, including the manifest and one or more files.

Encode your file into a secure Locktera container:

curl -X POST $BASE_URL/users/YOUR_USER_ID/containers/encode \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -F "manifest.json=@manifest.json;type=application/json" \
  -F "file=@example.pdf;type=application/pdf"
  -F "file=@example2.jpg;type=image/jpeg"

Example response:

{
  "org_id": "your_user_id",
  "container": {
    "uuid": "new_container_id",
    "name": "example_container",
    // ...
  }
}

If successful, your file is now securely encrypted and protected in a Locktera container.

Store the container_id. It is required for all future operations.

Verify Container

Retrieve container metadata:

curl $BASE_URL/users/YOUR_USER_ID/containers/NEW_CONTAINER_ID \
  -H "Authorization: Bearer YOUR_API_KEY"

Example response:

{
  "org_id": "your_user_id",
  "container": {
    "uuid": "new_container_id",
    "name": "example_container",
    // ...
  }
}

API Keys

Containers - Core Concepts

Encode Container Tutorial

Get Container Metadata