Notifications API - Introduction
Send notifications to people on your FileSpin account. At launch, only the email channel is supported; the request shape is channel-aware so additional channels (Slack, etc.) can be added server-side without changing the API.
The caller's identity is preserved by:
- Setting
Reply-Toto the caller's email address on outbound messages - Appending a "Sent by <caller> via FileSpin" footer to the body
Recipient allow-list
For the email channel, the server will only deliver to recipients that fall into one of these buckets:
- The caller's own email address
- Any user who belongs to the caller's account group
- Any email whose domain matches the caller's own email domain
- Any email whose domain is in the account's
allowed_notification_domainslist (managed by the account admin) - Any well-formed email address when the account admin has set
allow_all_notification_domainstotrue(malformed addresses are still rejected)
Recipients outside these buckets are returned in rejected_recipients with a reason. If every recipient is rejected, the request fails with HTTP 422.
The same policy is applied when users send a share page via email (PUT /api/v1/assetshare email_to, PATCH /api/v1/assetshare/{id} add_emails, legacy POST /api/v1/distribution email_to).
Authentication
- API Key: ApiKeyAuth
- HTTP: Bearer Auth
API key for programmatic access.
Security Scheme Type: | apiKey |
|---|---|
Header parameter name: | X-FileSpin-Api-Key |
JWT token obtained from POST /api/v1/login, or an OAuth2 access token with the send_notifications scope.
Security Scheme Type: | http |
|---|---|
HTTP Authorization Scheme: | bearer |
Bearer format: | JWT |