Skip to content
Last update: February 12, 2024

Getting started

To start uploading files from clients applications:

  1. Register the upload scope
  2. Query settings.
  3. Upload files.
  4. Extend xAPI.
  5. Implement security.
  6. Download files.
  7. Delete files.

Register Upload Scope

Update appsettings.json with file upload scope settings:

  "FileUpload": {
    "RootPath": "attachments",
    "Scopes": [
        "Scope": "quote-attachments",
        "MaxFileSize": 123,
        "AllowedExtensions": [ ".jpg", ".pdf", ".png", ".txt" ]

Query Settings

Use GraphQL to query file upload options for the desired scope from client application:

query {
  fileUploadOptions(scope: "quote-attachments"){

Upload files

Use the provided API endpoint to upload files as multipart/form-data and obtain a safe file ID:

POST https://<YOUR-DOMAIN>/api/files/quote-attachments
Content-Type: multipart/form-data
curl.exe -k -F file=@test.txt https://<YOUR-DOMAIN>/api/files/quote-attachments?api_key=***

Extend xAPI

Extend your XAPI queries and mutations to include file attachments with the safe file ID as needed for your application:

mutation {
    command: {
      quoteId: "a73c6031-ab6a-4acc-9f16-466d287d7565"
      urls: [

Implement Security

Implement security callback to control access to files based on your application's requirements with impementation of IFileAuthorizationRequirementFactory

Download Files

Use the provided API endpoint to download files using the safe file ID obtained during upload:

GET https://<YOUR-DOMAIN>/api/files/<safe-file-id>

Delete Files

Use deleteFile mutation to remove file from storage:

mutation {
    command: {
      id: "d6e575f9633946f19b9791eee0db5e1f"