Redirect to a signed media URL
Accepts either the browser session cookie or `x-api-key`. The `key` path parameter is the full media key path, for example `workspaceId/logId/0-file.pdf`.
Browser session cookie used by logged-in Tracira users. Secure-prefixed variants may also be used by the browser.
In: cookie
Path Parameters
Query Parameters
Use 1 to request attachment disposition instead of inline preview.
Value in
- "1"
Response Body
application/json
application/json
application/json
curl -X GET "https://example.com/api/media/string"{ "error": "string", "code": "string", "fields": { "property1": "string", "property2": "string" }}{ "error": "string", "code": "string", "fields": { "property1": "string", "property2": "string" }}{ "error": "string", "code": "string", "fields": { "property1": "string", "property2": "string" }}Rotate the workspace webhook token POST
Workspace-admin only. Rate limited to 5 rotations per hour.
Create an upload POST
Returns a short-lived URL to upload one file directly to Tracira storage, bypassing the 4.5 MB request-body cap. Flow for large files: 1. POST /api/uploads -> `{ uploadUrl, key, contentType }` 2. PUT the raw file bytes to `uploadUrl` with header `Content-Type: <contentType>` 3. POST /api/logs with `attachments: [{ source: "uploaded", key }]` The file stages in your workspace until a log references it, then it is copied into that log. Uploads never linked to a log are deleted automatically within 24h. Accepted types: image/*, audio/*, application/pdf. Up to 32 MB per file. Each in-flight upload reserves space against your workspace storage quota (the declared `sizeBytes`, or the per-file max if omitted), so unlinked uploads can never push a workspace over its plan limit. The reservation is released when the upload is linked to a log or reaped.