Autional Autional
API Reference GitHub autional.com →

POST /files

Upload a file to the object storage service, supporting images, videos, documents, etc. Automatically calculates SHA-256 hash, records file metadata, and triggers audit log. Reference: GDPR Art 32 (Security of Processing).

Storage Service `bearerAuth` multipart/form-data

Request Parameters

NameInTypeRequiredDefaultExampleConstraintsDescription
owner_id formData string Yes File owner ID
visibility formData string No Visibility: private / public, default private
parent_id formData string No Parent folder ID, leave empty to upload to root directory
file formData file Yes File to upload

Responses

StatusDescriptionSchema
201File uploaded successfully, returns file metadatadto.UploadFileDetailResponse
400Parameter validation failed or file type not alloweddto.Problem
401Unauthenticated or token expireddto.Problem
413File size exceeds limitdto.Problem
500Internal server errordto.Problem
507Insufficient storage quotadto.Problem

Referenced Schemas

dto.FieldViolation

FieldTypeRequiredExampleConstraintsDescription
code string No Code is the error code (optional). Used for programmatic identification of error types, e.g., "required", "format", "range"
description string No Description is a human-readable error description. Should explain what rule was violated, e.g., "Must be a valid email address"
field string No Field is the path to the error field. Uses dot notation for nested fields, e.g., "user.email" or "addresses[0].city"
value object No Value is the value that caused the error (optional, used in development mode). May not be returned in production to avoid leaking sensitive information.

dto.Problem

FieldTypeRequiredExampleConstraintsDescription
code integer No Code is the business error code. Used for programmatic handling of specific error scenarios. Example: 30101001
detail string No Detail is a human-readable explanation for this specific error instance. May contain specific error details, e.g., "Field 'email' is required"
errors array of

See dto.FieldViolation

No Errors is a list of field-level validation errors (extension field). Follows Web API standard practice, each error contains field name and error message.
i18n_args object No I18nArgs are internationalization parameters. Used for dynamically filling translation templates.
i18n_key string No I18nKey is the internationalization key. Used for client-side localization of error messages. Example: "error.user_not_found"
instance string No Instance is the specific URI reference where the problem occurred. Usually the request URL, may include query parameters. Example: "/api/v1/users?limit=invalid"
request_id string No RequestID is the unique request identifier. Used for log correlation and issue tracking. Example: "req_550e8400-e29b-41d4-a716-446655440000"
retry_after integer No RetryAfter is used for 429 Too Many Requests responses. Indicates how many seconds the client should wait before retrying (RFC 6585).
service string No Service is the service name. Used in microservice architecture to locate the error source. Example: "auth-service"
span_id string No SpanID is the current span identifier. Used for precise location of the current node in a distributed trace.
status integer No Status is the HTTP status code produced. Used by clients to distinguish problem types, does not change with Accept-Language. Example: 400, 401, 403, 404, 500
timestamp string No Timestamp is the error occurrence time. ISO 8601 format. Example: "2026-04-03T12:00:00Z"
title string No Title is a short, human-readable summary of the problem type. The same Type should always have the same Title (does not vary by instance). Example: "Invalid Request Parameters"
trace_id string No TraceID is the distributed trace identifier. Follows W3C Trace Context standard. Example: "00-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331-01"
type string No Type is a URI reference that identifies the problem type. When dereferenced, it should provide human-readable documentation. Example: "https://api.example.com/errors/invalid-request"

dto.UploadFileDetailResponse

FieldTypeRequiredExampleConstraintsDescription
code integer No
data dto.UploadFileResponse No
message string No
timestamp string No

dto.UploadFileResponse

File upload result

FieldTypeRequiredExampleConstraintsDescription
created_at string No 2026-04-15T10:00:00Z Upload time
file_id string No file_abc123 File ID
file_name string No document.pdf File count
size integer No 204800 File size
thumbnail_url string No https://... Thumbnail?
url string No https://storage.example.com/... Access URL