TinyDS API Documentation

Complete API reference for TinyDS document management system

Documents API

GET /documents 🔒 Auth Required

List documents accessible to the authenticated user.

Query Parameters:

  • Various filter parameters supported (see implementation for details)

GET /document/:id 🔒 Auth Required

Get document metadata and download URL.

URL Parameters:

  • id (string, required) - Document ID

Query Parameters:

  • isAttachment (string, optional) - 'true' or 'false'
  • share (string, optional) - 'true' or 'false'

POST /document 🔒 Auth Required

Create new document and get upload URL.

POST /document/:id 🔒 Auth Required

Create new version of existing document and get upload URL.

POST /document/:id/complete/:uploadid 🔒 Auth Required

Complete multipart upload.

URL Parameters:

  • id (string, required) - Document ID
  • uploadid (string, required) - Upload ID

POST /document/:id/abort/:uploadid 🔒 Auth Required

Abort multipart upload.

PUT /document/:id 🔒 Auth Required

Update document metadata.

DELETE /document/:id 🔒 Auth Required

Delete document and all versions.

DELETE /version/:id 🔒 Auth Required

Delete specific document version.

GET /document/inline/:id 🔒 Auth Required

Get document for inline display (not as attachment).

GET /count 🔒 Auth Required

Get total document count for user.

GET /ping

Health check endpoint.

Document Linking: Documents can be linked together to create relationships.

PUT /document/link/:id 🔒 Auth Required

Link document to another document.

PUT /document/unlink/:id 🔒 Auth Required

Remove link between documents.

GET /document/link/:id 🔒 Auth Required

List all linked documents.

Document Locking: Documents can be locked to prevent modifications.

PUT /document/lock/:id 🔒 Auth Required

Lock document to prevent modifications.

PUT /document/unlock/:id 🔒 Auth Required

Unlock document.

GET /document/lock/:id 🔒 Auth Required

Get document lock status.

Comments & Annotations: Add comments and annotations to documents.

GET /document/comment/:id 🔒 Auth Required

Get document comments.

PUT /document/comment/:id 🔒 Auth Required

Add comment to document.

GET /document/annotations/:id 🔒 Auth Required

Get document annotations.

PUT /document/annotations/:id 🔒 Auth Required

Append annotation to document.

POST /document/annotations/:id 🔒 Auth Required

Set/replace document annotations.

PATCH /document/annotations/:id 🔒 Auth Required

Remove annotation from document.

Viewers: Share documents with external viewers.

POST /add-viewer 🔒 Auth Required

Add viewer to document.

Request Body:

  • documentId (string, required) - Document ID
  • email (string, required) - Viewer email

GET /viewers 🔒 Auth Required

Get list of document viewers.

Query Parameters:

  • documentId (string, required) - Document ID

GET /view 🔒 External Auth

View document (for external viewers). Renders view page.

Query Parameters:

  • documentId (string, required) - Document ID

GET /view/document/:documentId 🔒 External Auth

Proxy endpoint to stream document content to viewer.

GridFS Storage: Direct upload/download endpoints for GridFS storage backend.

PUT /storage/gridfs/upload/:token

Upload file to GridFS using signed token. Automatically extracts words from PDFs.

GET /storage/gridfs/download/:token

Download file from GridFS using signed token.

Authentication API

GET /login

Display login page with support for different authentication types (bankid, freja, or standard username/password).

Query Parameters:

  • type (string, optional) - Authentication type: 'bankid', 'freja', or default

GET /login-external

Display login page for external users (viewers/signers).

POST /login

Authenticate user and return access tokens.

Request Body:

  • email (string, required) - User email
  • password (string, required) - User password

POST /login-external

Authenticate external user with email and verification code.

Request Body:

  • email (string, required) - External user email
  • code (string, required) - Verification code sent to email

Response:

Returns access token and refresh token. Sets HTTP-only cookie with access token.

POST /generate-external

Generate and send verification code to external user's email.

Request Body:

  • email (string, required) - External user email

POST /logout 🔒 Auth Required

Logout user and invalidate tokens.

POST /refresh 🔒 Auth Required

Refresh access token using refresh token.

Response:

Returns new refresh_token and access_token.

GET /register

Display user registration page.

POST /register

Register new user account.

Request Body:

  • email (string, required) - User email
  • password (string, required) - User password
  • code (string, required) - Verification code
  • googleauth (string, optional) - Enable 2FA if "on"

POST /generate

Generate and send registration verification code.

Request Body:

  • email (string, required) - User email

POST /check

Check if user credentials are valid.

POST /checkpwd

Validate password and send 2FA code via SMS or email.

Request Body:

  • password (string, required) - User password
  • factor (string, optional) - 2FA method: 'sms' or 'email'

Users API

GET /users 🔒 Auth Required

Get list of users in the system.

GET /user/profile 🔒 Auth Required

Get current user's profile.

PUT /user/profile 🔒 Auth Required

Update user profile (merge with existing).

POST /user/profile 🔒 Auth Required

Set user profile (replace existing).

PATCH /user/profile 🔒 Auth Required

Delete fields from user profile.

Signatures API

GET /sign 🔒 External Auth

Display signature page for external signer.

Query Parameters:

  • documentId (string, required) - Document ID to sign

POST /sign 🔒 External Auth

Sign document with optional signature image and message.

Request Body:

  • documentId (string, required) - Document ID
  • signature (string, optional) - Base64 signature image
  • message (string, optional) - Signature message

GET /sign/pdf/:documentId 🔒 External Auth

Proxy endpoint to stream PDF for signing.

POST /validate 🔒 Auth Required

Validate document signatures.

Request Body:

  • documentId (string, required) - Document ID

POST /add-signer 🔒 Auth Required

Add signer to document.

Request Body:

  • documentId (string, required) - Document ID
  • email (string, required) - Signer email
  • message (string, optional) - Message for signer

GET /signers 🔒 Auth Required

Get list of document signers.

Query Parameters:

  • documentId (string, required) - Document ID

Templates API

GET /template 🔒 Auth Required

List templates available to user for specific document type.

Query Parameters:

  • doctype (string, optional) - Filter by document type

POST /template/document 🔒 Auth Required

Create document from template.

Request Body:

  • metadata (object, required) - Document metadata
  • templateName (string, required) - Template name

Types & Fields API

GET /types 🔒 Auth Required

Get document types available to user.

Query Parameters:

  • action (string, optional) - Filter by action

PUT /type 🔒 Auth Required

Add or update document type for user.

POST /type 🔒 Auth Required

Add document type for user.

POST /field 🔒 Auth Required

Add custom field for user.

Admin API

Admin Operations: The admin API provides CRUD operations for fields, types, permissions, roles, users, and templates. All endpoints require admin authentication.

GET /admin/:operation/:name? 🔒 Admin Auth

Get admin resource(s). Operation can be: field, type, permission, role, user, or template.

URL Parameters:

  • operation (string, required) - One of: field, type, permission, role, user, template
  • name (string, optional) - Resource name to filter

POST /admin/:operation 🔒 Admin Auth

Create new admin resource.

Field Creation Body:

  • name (string, required)
  • displayname (string, required)
  • type (string, required) - number, text, select, date, boolean
  • order (number, required)
  • search (boolean, required)
  • index (boolean, required)
  • update (boolean, required)
  • mandatory (boolean, required)

Type Creation Body:

  • name (string, required)
  • order (number, required)
  • fields (array, required) - Array of field names

User Creation Body:

  • name (string, required)
  • email (email, required)
  • auth (string, required)
  • customer (string, required)
  • roles (array, required)
  • password (string, optional)

PUT /admin/:operation/:name 🔒 Admin Auth

Update existing admin resource.

DELETE /admin/:operation/:name 🔒 Admin Auth

Delete admin resource.

Triggers API

POST /event/s3

S3/MinIO event webhook for automatic document processing. Triggered when files are uploaded to S3/MinIO buckets.

Request Body:

S3 event notification format with Records array containing bucket, key, etag, size, and metadata.

Processing:

  • Updates document metadata in database
  • Extracts words from PDF files for search indexing
  • Sends notifications via Pusher (if enabled)

Configuration: Set DO_NOTIFY=Y to enable Pusher notifications. This endpoint is typically called by MinIO/S3 event notifications, not directly by clients.
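
Added example (not TinyDS's own code): one way a receiver of POST /event/s3 could validate the Records array and extract bucket, key, etag, size, and metadata before acting on them, rejecting malformed records instead of processing them. Assumptions: the field paths follow the standard S3 event notification layout, userMetadata is the MinIO field for object metadata, and parseS3Event, decodeKey, and the sample payload are hypothetical names and constructed data.

```javascript
// Added example, not TinyDS code; parseS3Event is a hypothetical helper.
// Field paths follow the S3 event notification layout; userMetadata is
// the MinIO field that carries object metadata.
function decodeKey(raw) {
  // Object keys are URL-encoded in events, with spaces sent as '+'.
  try {
    return decodeURIComponent(raw.replace(/\+/g, ' '));
  } catch (err) {
    return null; // malformed percent-encoding
  }
}

function parseS3Event(body) {
  if (!body || !Array.isArray(body.Records)) {
    throw new TypeError('S3 event must contain a Records array');
  }
  const accepted = [];
  const rejected = []; // indexes of records that failed validation
  body.Records.forEach((rec, index) => {
    const s3 = (rec && rec.s3) || {};
    const bucket = s3.bucket && s3.bucket.name;
    const obj = s3.object || {};
    const key = typeof obj.key === 'string' ? decodeKey(obj.key) : null;
    const size = obj.size === undefined ? 0 : obj.size; // may be absent
    if (typeof bucket !== 'string' || !bucket || !key ||
        !Number.isInteger(size) || size < 0) {
      rejected.push(index);
      return;
    }
    accepted.push({
      event: typeof rec.eventName === 'string' ? rec.eventName : '',
      bucket, key, size,
      etag: typeof obj.eTag === 'string' ? obj.eTag : '',
      metadata: typeof obj.userMetadata === 'object' ? { ...obj.userMetadata } : {},
    });
  });
  return { accepted, rejected };
}

// Constructed sample payload, not captured from a real deployment.
const sampleEvent = { Records: [
  { eventName: 's3:ObjectCreated:Put', s3: { bucket: { name: 'documents' },
    object: { key: 'inbox/annual+report%202024.pdf', eTag: 'constructed-etag',
      size: 1024, userMetadata: { 'X-Amz-Meta-Owner': 'alice@example.com' } } } },
  { eventName: 's3:ObjectCreated:Put', s3: { bucket: { name: 'documents' },
    object: { key: 'bad%ZZname.pdf', size: 10 } } },
  { eventName: 's3:ObjectCreated:Put', s3: { object: { key: 'no-bucket.pdf', size: 5 } } },
] };
console.log(JSON.stringify(parseS3Event(sampleEvent), null, 2));
```

The second and third sample records are rejected (invalid percent-encoding and a missing bucket name), so only the first reaches the metadata update and PDF word extraction steps.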