# Kiteworks API — internal Operations

**1 endpoint** | [Browse interactive reference](https://developer.kiteworks.com/api-reference/internal.html) | [Download spec slice](https://developer.kiteworks.com/assets/specs/internal.json)

> **Authentication required.** All requests must include a Bearer access token in the
> `Authorization` header. See [Authentication](https://developer.kiteworks.com/authentication.md) for how to
> obtain a token using OAuth 2.0 Authorization Code (PKCE) or JWT Bearer flow.

---

## POST /rest/advancedForms/{id}/submissions

**Summary:** Create an upload link for an Advanced Form submission

### Description:
  Creates a subfolder under the form owner's folder for the submission, then returns an upload link that the Advanced Form client can use to upload the submitted files.
### Precondition:
  Caller must be an Advanced Forms client.
  The authenticated user must be the form owner.
### Response:
  Returns an upload link pointing to the newly created submission subfolder.

**Parameters:**

| Name | In | Required | Description |
|------|----|----------|-------------|
| `id` | path | yes | The unique identifier (UUID) of the entity. |

**Request Body:**

| Property | Type | Required | Description |
|----------|------|----------|-------------|
| `name` | string | yes | Name of the subfolder to create under the form owner's folder for this submission. |
| `submitter` | string | yes | Email address of the user submitting the form. Pass `null` to create an anonymous submission. |

**Responses:**

| Code | Description |
|------|-------------|
| 201 | The submission subfolder and upload link have been successfully created. |
| 401 | Unauthorized  <i>Possible error codes: </i>ERR_AUTH_INVALID_CSRF, ERR_AUTH_UNAUTHORIZED |
| 403 | Forbidden  <i>Possible error codes: </i>ERR_ACCESS_USER, ERR_ACCESS_CLIENT |
| 404 | Not Found  <i>Possible error codes: </i>ERR_ENTITY_NOT_FOUND |
| 422 | Unprocessable Content  <i>Possible error codes: </i>ERR_INPUT_INVALID_FORMAT |
| 490 | Request blocked by WAF |

**Response Examples:**

**401 (ERR_AUTH_INVALID_CSRF):**

```json
{
  "errors": [
    {
      "code": "ERR_AUTH_INVALID_CSRF",
      "message": "Invalid CSRF Authentication"
    }
  ]
}
```

**401 (ERR_AUTH_UNAUTHORIZED):**

```json
{
  "errors": [
    {
      "code": "ERR_AUTH_UNAUTHORIZED",
      "message": "Unauthorized"
    }
  ]
}
```

**403 (ERR_ACCESS_USER):**

```json
{
  "errors": [
    {
      "code": "ERR_ACCESS_USER",
      "message": "Insufficient access permissions"
    }
  ]
}
```

**403 (ERR_ACCESS_CLIENT):**

```json
{
  "errors": [
    {
      "code": "ERR_ACCESS_CLIENT",
      "message": "Insufficient access permissions"
    }
  ]
}
```

**404 (ERR_ENTITY_NOT_FOUND):**

```json
{
  "errors": [
    {
      "code": "ERR_ENTITY_NOT_FOUND",
      "message": "Entity does not exist"
    }
  ]
}
```

**422 (ERR_INPUT_INVALID_FORMAT):**

```json
{
  "errors": [
    {
      "code": "ERR_INPUT_INVALID_FORMAT",
      "message": "The input is invalid."
    }
  ]
}
```

**Code Samples:**

**cURL:**

```shell
curl -X POST \
  "https://{instance}.kiteworks.com/rest/advancedForms/:id/submissions" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
         "name": "string",
         "submitter": "string"
       }'
```

**Python:**

```python
import requests

id = "VALUE"  # The unique identifier (UUID) of the entity.

url = f"https://{{instance}}.kiteworks.com/rest/advancedForms/{id}/submissions"
headers = {
    "Authorization": "Bearer YOUR_TOKEN",
    "Content-Type": "application/json",
}
payload = {
  "name": "string",
  "submitter": "string"
}
response = requests.post(url, headers=headers, json=payload)
print(response.json())
```

---
