Get Started
Locktera protects files by encrypting them into immutable containers that enforce access policies cryptographically at the time of decryption.
This guide will show you how to:
• Authenticate with the Locktera API
• Encrypt a file into a secure container
• Apply access policies
• Retrieve container metadata
This takes approximately 2 minutes.
After completing these steps, your file will be encrypted into a Locktera container (.tera), protected by access policies, and fully auditable.
Prerequisites
Before starting, ensure you have:
• A Locktera account
• Your User ID
• An API key
• A test file (example.pdf)
To create an API key:
-
Log in to the Locktera portal
-
Navigate to Configuration → API Keys
-
Select Create API Key
-
Copy and store the API key securely
API keys inherit your user permissions and are required for all API requests.
Base URL
All Locktera CORE API requests use:
https://share.locktera.com/api/v1
All requests must be made over HTTPS.
You may optionally define a variable:
BASE_URL=https://share.locktera.com/api/v1
Authentication
All requests must include your API key in the Authorization header using Bearer authentication.
Header format:
Authorization: Bearer YOUR_API_KEY
Verify your API key:
curl https://share.locktera.com/api/v1/me \
-H "Authorization: Bearer YOUR_API_KEY"
Example response:
{
"id": "123e4567-e89b-12d3-a456-426614174001",
"role": "user",
"root_org_id": "123e4567-e89b-12d3-a456-426614174000",
"created_date": "2026-02-20T21:15:08.855Z",
"email": "hello@example.com",
"first_name": "string",
"last_name": "string",
"mobile_phone": "string"
// ...
}
Configure Private Cloud Storage
Locktera uses a Bring Your Own Storage (BYOS) model.
Encrypted containers are stored directly in your private cloud storage, while Locktera manages encryption, access control, and authorization.
Locktera supports:
• Microsoft Azure Blob Storage
• AWS S3
• Google Cloud Storage
• Akamai Object Storage
• Wasabi
• Any S3-compatible storage
Before encrypting files, configure a storage location where encrypted containers will be written.
See the Storage Configuration User Guide for setup instructions:
• Azure Blob Storage
• AWS Storage
• Google Cloud Storage
• Akamai Storage
• Wasabi
Encode Your First Container
Create a manifest file defining access policies.
Example manifest.json:
{
"container": {
"name": "example_container",
"recipients": [
"jane.doe@example.com",
"john.doe@example.com"
],
"downloadable": true,
"password": "secret",
"drm": {
"dynamic": true,
"geo": {
"allow": [
{
"country": "USA"
}
]
},
"time": {
"start": "2026-01-01",
"end": "2027-01-01"
}
}
}
}
The encode endpoint accepts multipart/form-data, including the manifest and one or more files.
Encode your file into a secure Locktera container:
curl -X POST $BASE_URL/users/YOUR_USER_ID/containers/encode \
-H "Authorization: Bearer YOUR_API_KEY" \
-F "manifest.json=@manifest.json;type=application/json" \
-F "file=@example.pdf;type=application/pdf"
-F "file=@example2.jpg;type=image/jpeg"
Example response:
{
"org_id": "your_user_id",
"container": {
"uuid": "new_container_id",
"name": "example_container",
// ...
}
}
If successful, your file is now securely encrypted and protected in a Locktera container.
Store the container_id. It is required for all future operations.
Verify Container
Retrieve container metadata:
curl $BASE_URL/users/YOUR_USER_ID/containers/NEW_CONTAINER_ID \
-H "Authorization: Bearer YOUR_API_KEY"
Example response:
{
"org_id": "your_user_id",
"container": {
"uuid": "new_container_id",
"name": "example_container",
// ...
}
}
