Intake Upload Links
Generate, list, and revoke shareable upload links for non-technical customers.
Intake upload links let operators create shareable URLs that grant drag-and-drop file upload access to non-technical customers. The link token is the authentication - no API key is exposed to the customer.
Endpoints
POST
/v1/{workspace_id}/intake/links
Create an upload link
GET
/v1/{workspace_id}/intake/links
List upload links
DELETE
/v1/{workspace_id}/intake/links/{link_id}
Revoke an upload link
GET
/v1/{workspace_id}/intake/links/{link_id}/uploads
List uploads for a link
Create Upload Link
POST /v1/{workspace_id}/intake/links
Generates a new shareable upload link for a customer.
Request Body
customer_slug
string
Yes
-
Customer identifier (slug format)
display_name
string
No
null
Display name shown on the upload page
expires_in_hours
integer
No
168
Hours until the link expires (1-720)
max_uploads
integer
No
100
Maximum number of files that can be uploaded via this link (1-10,000)
Response (201 Created)
id
string (uuid)
Link ID
workspace_id
string (uuid)
Workspace the link belongs to
customer_slug
string
Customer identifier
display_name
string or null
Display name
upload_url
string
Relative URL for the upload page
link_token
string
The token embedded in the upload URL
status
string
One of: active, expired, revoked, exhausted
created_at
string (datetime)
When the link was created
expires_at
string (datetime)
When the link expires
revoked_at
string (datetime) or null
When the link was revoked, if applicable
max_uploads
integer
Maximum upload count
upload_count
integer
Number of files uploaded so far
last_upload_at
string (datetime) or null
When the last file was uploaded
Example
List Upload Links
GET /v1/{workspace_id}/intake/links
Returns upload links for the workspace. By default, only active links are returned.
Query Parameters
include_expired
boolean
false
Include expired, revoked, and exhausted links
Response (200 OK)
Array of link objects (same schema as the create response).
Revoke Upload Link
DELETE /v1/{workspace_id}/intake/links/{link_id}
Revokes an active upload link. Customers who try to use a revoked link will see an error page.
Path Parameters
link_id
string (uuid)
The link to revoke
Response
204 No Content on success. Returns 404 if the link does not exist or is already revoked.
List Uploads for a Link
GET /v1/{workspace_id}/intake/links/{link_id}/uploads
Returns files uploaded through a specific link.
Path Parameters
link_id
string (uuid)
The link to query
Response (200 OK)
Array of upload objects:
id
string (uuid)
Upload ID
customer_slug
string
Customer identifier
filename
string
Original filename
content_type
string
MIME type of the uploaded file
sha256
string
SHA-256 hash of the file contents
size_bytes
integer
File size in bytes
received_at
string (datetime)
When the file was received
scan_status
string
One of: skipped, pending, clean, infected
Download an Upload
GET /v1/{workspace_id}/intake/links/{link_id}/uploads/{upload_id}/download
Returns the raw file bytes with a Content-Disposition: attachment header. The download is scoped through the intake link - only uploads visible on the corresponding upload listing can be downloaded. If the upload or the underlying file no longer exists, the endpoint returns 404.
Downloads are logged as PHI access events in the audit trail. The response includes Cache-Control: private, no-store and X-Content-Type-Options: nosniff headers.
200
File bytes with original content type and filename
404
Link, upload, or underlying file not found
502
Storage backend unavailable
Public Upload Page
The upload page is served at the upload_url returned when creating a link. This page is publicly accessible (no authentication required) and provides:
Drag-and-drop file upload
Click-to-browse file selection
Upload progress indicators
Client-side file type and size validation
Upload Endpoint
POST /upload/{link_token}/files
This endpoint is called by the upload page. It accepts the file as the raw request body with metadata in headers.
Request Headers
x-amigo-intake-filename
Yes
Original filename
x-amigo-intake-content-type
Yes
MIME type of the file
Content-Length
No
File size (validated against the 100 MB limit)
Supported File Types
application/pdftext/csvimage/jpegimage/pngapplication/mswordapplication/vnd.openxmlformats-officedocument.wordprocessingml.documentapplication/vnd.ms-powerpointapplication/vnd.openxmlformats-officedocument.presentationml.presentation
Maximum file size: 100 MB. Files are validated against their declared content type using magic byte detection - if the file content does not match the declared type, the upload is rejected with a 422.
Response (201 Created)
When an uploaded file has the same content hash as a previously uploaded file in the same workspace, duplicate_of contains an object with the original upload's id and received_at. The duplicate file is still accepted and stored - this is informational only.
Error Responses
400
Invalid link token
404
Link not found or revoked
410
Link expired
413
File exceeds 100 MB limit
422
Invalid filename or unsupported content type
429
Rate limited or upload limit reached
503
Upload service not configured
Link Status Values
active
Link is valid and accepting uploads
expired
The expiration time has passed
revoked
An operator revoked the link
exhausted
The maximum upload count has been reached
Last updated
Was this helpful?