# Kiteworks API — uploads Operations

**11 endpoints** | [Browse interactive reference](https://developer.kiteworks.com/api-reference/uploads.html) | [Download spec slice](https://developer.kiteworks.com/assets/specs/uploads.json)

> **Authentication required.** All requests must include a Bearer access token in the
> `Authorization` header. See [Authentication](https://developer.kiteworks.com/authentication.md) for how to
> obtain a token using OAuth 2.0 Authorization Code (PKCE) or JWT Bearer flow.

---

## GET /rest/uploads

**Summary:** Retrieve all user upload sessions

Returns all active (not yet completed) upload sessions associated with the authenticated user. Each record includes the session ID, file name, total and uploaded sizes, chunk counts, and upload URI.

**Parameters:**

| Name | In | Required | Description |
|------|----|----------|-------------|
| `offset` | query | no | Offset |
| `limit` | query | no | Limit |
| `locate_id` | query | no | If specified, "offset" parameter will be ignored                                             and the page containing entity with this Id will be returned. |
| `with` | query | no | With parameters |
| `mode` | query | no | Determines the detail level of the response body. |

**Responses:**

| Code | Description |
|------|-------------|
| 200 | Upload sessions retrieved successfully. |
| 490 | Request blocked by WAF |

**Response Examples:**

**200 (UploadSessionList):**

```json
{
  "data": [
    {
      "id": 101,
      "userId": 42,
      "timestamp": "2024-03-01T10:00:00+00:00",
      "uploadedSize": 1048576,
      "uploadedChunks": 1,
      "error": null,
      "finished": false,
      "fileUrl": null
    }
  ],
  "metadata": {
    "total": 1,
    "limit": 50,
    "offset": 0
  }
}
```

**Code Samples:**

**cURL:**

```shell
curl -X GET \
  "https://{instance}.kiteworks.com/rest/uploads" \
  -H "Authorization: Bearer YOUR_TOKEN"
```

**Python:**

```python
import requests

url = "https://{instance}.kiteworks.com/rest/uploads"
headers = {
    "Authorization": "Bearer YOUR_TOKEN",
}
response = requests.get(url, headers=headers)
print(response.json())
```

---

## GET /rest/uploads/config

**Summary:** Get upload server configuration

Returns the configuration of the upload server, including its active status and the maximum allowed chunk size.
**Responses:**

| Code | Description |
|------|-------------|
| 200 | Upload server configuration retrieved successfully. |
| 490 | Request blocked by WAF |

**Response Examples:**

**200 (AcfsConfigInfo):**

```json
{
  "active": 1,
  "uploadChunkMax": 10485760
}
```

**Code Samples:**

**cURL:**

```shell
curl -X GET \
  "https://{instance}.kiteworks.com/rest/uploads/config" \
  -H "Authorization: Bearer YOUR_TOKEN"
```

**Python:**

```python
import requests

url = "https://{instance}.kiteworks.com/rest/uploads/config"
headers = {
    "Authorization": "Bearer YOUR_TOKEN",
}
response = requests.get(url, headers=headers)
print(response.json())
```

---

## GET /rest/uploads/{id}

**Summary:** Get upload session

Returns the details of the specified upload session, including its progress, file size, chunk counts, and upload URI.

**Parameters:**

| Name | In | Required | Description |
|------|----|----------|-------------|
| `id` | path | yes | The unique identifier of the upload session |
| `with` | query | no | With parameters |
| `mode` | query | no | Determines the detail level of the response body. |

**Responses:**

| Code | Description |
|------|-------------|
| 200 | Upload session details retrieved successfully. |
| 490 | Request blocked by WAF |

**Response Examples:**

**200 (UploadSessionInfo):**

```json
{
  "id": 101,
  "userId": 42,
  "timestamp": "2024-03-01T10:00:00+00:00",
  "uploadedSize": 1048576,
  "uploadedChunks": 1,
  "error": null,
  "finished": false,
  "fileUrl": null
}
```

**Code Samples:**

**cURL:**

```shell
curl -X GET \
  "https://{instance}.kiteworks.com/rest/uploads/:id" \
  -H "Authorization: Bearer YOUR_TOKEN"
```

**Python:**

```python
import requests

id = "VALUE"  # The unique identifier of the upload session

url = f"https://{{instance}}.kiteworks.com/rest/uploads/{id}"
headers = {
    "Authorization": "Bearer YOUR_TOKEN",
}
response = requests.get(url, headers=headers)
print(response.json())
```

---

## DELETE /rest/uploads/{id}

**Summary:** Terminate upload session

Terminates the specified upload session and discards any uploaded chunks. If the session resides on a different upload node, the termination request is forwarded to that node.

**Parameters:**

| Name | In | Required | Description |
|------|----|----------|-------------|
| `id` | path | yes | The unique identifier of the upload session. |

**Responses:**

| Code | Description |
|------|-------------|
| 204 | Upload session terminated successfully. |
| 490 | Request blocked by WAF |

**Code Samples:**

**cURL:**

```shell
curl -X DELETE \
  "https://{instance}.kiteworks.com/rest/uploads/:id" \
  -H "Authorization: Bearer YOUR_TOKEN"
```

**Python:**

```python
import requests

id = "VALUE"  # The unique identifier of the upload session.

url = f"https://{{instance}}.kiteworks.com/rest/uploads/{id}"
headers = {
    "Authorization": "Bearer YOUR_TOKEN",
}
response = requests.delete(url, headers=headers)
print(response.json())
```

---

## POST /rest/folders/{id}/actions/initiateUpload/zip

**Summary:** Initiate a ZIP archive upload session for a folder

### Description:
  Creates an upload session for a ZIP archive to be uploaded to the specified folder. The archive will be automatically extracted after all chunks are received. Once the session is created, an upload link is returned which can be used to upload the archive in chunks.
### Precondition:
  The user must have `file_add` permission for the folder.
### Response:
  The upload session is created and an upload link is returned for subsequent chunk uploads.

**Parameters:**

| Name | In | Required | Description |
|------|----|----------|-------------|
| `id` | path | yes | The unique identifier (UUID) of the entity. |

**Request Body:**

| Property | Type | Required | Description |
|----------|------|----------|-------------|
| `filename` | string | yes | Name of the file to be uploaded. |
| `totalSize` | integer | no | Total size of the file to be uploaded, in bytes. |
| `totalChunks` | integer | no | Total number of chunks the file will be split into. Must be at least 1. |
| `clientCreated` | string | no | File creation timestamp as reported by the client (e.g. from the OS or browser). |
| `clientModified` | string | no | File last-modified timestamp as reported by the client (e.g. from the OS or browser). |
| `proximateHost` | string | no | Proximate hostname used to direct client uploads to the nearest available storage endpoint. |
| `tracking_id` | string | no | Tracking ID for correlating the upload with an external transfer |
| `resume` | boolean | no | Indicates whether this is a resumption of a previously interrupted upload. Only applicable when a file with the same name already exists. Currently used internally for SFTP transfers only. |
| `uncompressedSize` | integer | yes | Total uncompressed size of the archive file, in bytes. |

**Responses:**

| Code | Description |
|------|-------------|
| 201 | Upload session successfully created and an upload link returned. |
| 400 | Bad Request  <i>Possible error codes: </i>ERR_REQUEST_INVALID_JSON |
| 401 | Unauthorized  <i>Possible error codes: </i>ERR_AUTH_INVALID_CSRF, ERR_AUTH_UNAUTHORIZED |
| 403 | Forbidden  <i>Possible error codes: </i>ERR_ACCESS_USER, ERR_ENTITY_DLP_LOCKED, ERR_ENTITY_IS_BASE_DIR, ERR_ENTITY_NOT_SCANNED, ERR_ENTITY_RESTRICTED_EXTENSION, ERR_ENTITY_VIRUS_FOUND |
| 413 | Content Too Large  <i>Possible error codes: </i>ERR_SYSTEM_NO_STORAGE_AVAILABLE |
| 422 | Unprocessable Content  <i>Possible error codes: </i>ERR_INPUT_INVALID_DATE, ERR_INPUT_INVALID_FORMAT, ERR_INPUT_MAX_VALUE, ERR_INPUT_MIN_VALUE, ERR_INVALID_PARAMETER, ERR_SYSTEM_NO_STORAGE_AVAILABLE, ERR_SYSTEM_NO_AVAILABLE_STORAGE_HOSTS |
| 490 | Request blocked by WAF |

**Response Examples:**

**400 (ERR_REQUEST_INVALID_JSON):**

```json
{
  "errors": [
    {
      "code": "ERR_REQUEST_INVALID_JSON",
      "message": "Invalid json provided"
    }
  ]
}
```

**401 (ERR_AUTH_INVALID_CSRF):**

```json
{
  "errors": [
    {
      "code": "ERR_AUTH_INVALID_CSRF",
      "message": "Invalid CSRF Authentication"
    }
  ]
}
```

**401 (ERR_AUTH_UNAUTHORIZED):**

```json
{
  "errors": [
    {
      "code": "ERR_AUTH_UNAUTHORIZED",
      "message": "Unauthorized"
    }
  ]
}
```

**403 (ERR_ACCESS_USER):**

```json
{
  "errors": [
    {
      "code": "ERR_ACCESS_USER",
      "message": "Insufficient access permissions"
    }
  ]
}
```

**403 (ERR_ENTITY_DLP_LOCKED):**

```json
{
  "errors": [
    {
      "code": "ERR_ENTITY_DLP_LOCKED",
      "message": "One or more files have been quarantined and are not available to download. Please contact your administrator for assistance."
    }
  ]
}
```

**403 (ERR_ENTITY_IS_BASE_DIR):**

```json
{
  "errors": [
    {
      "code": "ERR_ENTITY_IS_BASE_DIR",
      "message": "Operation not permitted on Base Folder"
    }
  ]
}
```

**403 (ERR_ENTITY_NOT_SCANNED):**

```json
{
  "errors": [
    {
      "code": "ERR_ENTITY_NOT_SCANNED",
      "message": "One or more files are undergoing security and privacy scans. Please try again later."
    }
  ]
}
```

**403 (ERR_ENTITY_RESTRICTED_EXTENSION):**

```json
{
  "errors": [
    {
      "code": "ERR_ENTITY_RESTRICTED_EXTENSION",
      "message": "File extension is in exclusion extensions list"
    }
  ]
}
```

**403 (ERR_ENTITY_VIRUS_FOUND):**

```json
{
  "errors": [
    {
      "code": "ERR_ENTITY_VIRUS_FOUND",
      "message": "File is infected"
    }
  ]
}
```

**413 (ERR_SYSTEM_NO_STORAGE_AVAILABLE):**

```json
{
  "errors": [
    {
      "code": "ERR_SYSTEM_NO_STORAGE_AVAILABLE",
      "message": "Folder owner's remaining storage quota does not permit for a file upload of this size."
    }
  ]
}
```

**422 (ERR_INPUT_INVALID_DATE):**

```json
{
  "errors": [
    {
      "code": "ERR_INPUT_INVALID_DATE",
      "message": "The input is not a valid date."
    }
  ]
}
```

**422 (ERR_INPUT_INVALID_FORMAT):**

```json
{
  "errors": [
    {
      "code": "ERR_INPUT_INVALID_FORMAT",
      "message": "The input is invalid."
    }
  ]
}
```

**422 (ERR_INPUT_MAX_VALUE):**

```json
{
  "errors": [
    {
      "code": "ERR_INPUT_MAX_VALUE",
      "message": "The specified input exceed the maximum allowed value."
    }
  ]
}
```

**422 (ERR_INPUT_MIN_VALUE):**

```json
{
  "errors": [
    {
      "code": "ERR_INPUT_MIN_VALUE",
      "message": "The specified input below the minimum allowed value."
    }
  ]
}
```

**422 (ERR_INVALID_PARAMETER):**

```json
{
  "errors": [
    {
      "code": "ERR_INVALID_PARAMETER",
      "message": "Invalid Parameter Exception"
    }
  ]
}
```

**422 (ERR_SYSTEM_NO_STORAGE_AVAILABLE):**

```json
{
  "errors": [
    {
      "code": "ERR_SYSTEM_NO_STORAGE_AVAILABLE",
      "message": "Folder owner's remaining storage quota does not permit for a file upload of this size."
    }
  ]
}
```

**422 (ERR_SYSTEM_NO_AVAILABLE_STORAGE_HOSTS):**

```json
{
  "errors": [
    {
      "code": "ERR_SYSTEM_NO_AVAILABLE_STORAGE_HOSTS",
      "message": "No available storage hosts"
    }
  ]
}
```

**Code Samples:**

**cURL:**

```shell
curl -X POST \
  "https://{instance}.kiteworks.com/rest/folders/:id/actions/initiateUpload/zip" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
         "filename": "string",
         "totalSize": 1,
         "totalChunks": 1,
         "clientCreated": "2024-01-15",
         "clientModified": "2024-01-15",
         "proximateHost": "string"
       }'
```

**Python:**

```python
import requests

id = "VALUE"  # The unique identifier (UUID) of the entity.

url = f"https://{{instance}}.kiteworks.com/rest/folders/{id}/actions/initiateUpload/zip"
headers = {
    "Authorization": "Bearer YOUR_TOKEN",
    "Content-Type": "application/json",
}
payload = {
  "filename": "string",
  "totalSize": 1,
  "totalChunks": 1,
  "clientCreated": "2024-01-15",
  "clientModified": "2024-01-15",
  "proximateHost": "string"
}
response = requests.post(url, headers=headers, json=payload)
print(response.json())
```

---

## POST /rest/folders/{id}/actions/initiateUpload

**Summary:** Initiate a file upload session for a folder

### Description:
  Creates an upload session for a file to be added to the specified folder. Once the session is created, an upload link is returned which can be used to upload the file in chunks.
### Precondition:
  The user must have `file_add` permission for the folder.
### Response:
  The upload session is created and an upload link is returned for subsequent chunk uploads.

**Parameters:**

| Name | In | Required | Description |
|------|----|----------|-------------|
| `id` | path | yes | The unique identifier (UUID) of the entity. |

**Request Body:**

| Property | Type | Required | Description |
|----------|------|----------|-------------|
| `filename` | string | yes | Name of the file to be uploaded. |
| `totalSize` | integer | no | Total size of the file to be uploaded, in bytes. |
| `totalChunks` | integer | no | Total number of chunks the file will be split into. Must be at least 1. |
| `clientCreated` | string | no | File creation timestamp as reported by the client (e.g. from the OS or browser). |
| `clientModified` | string | no | File last-modified timestamp as reported by the client (e.g. from the OS or browser). |
| `proximateHost` | string | no | Proximate hostname used to direct client uploads to the nearest available storage endpoint. |
| `tracking_id` | string | no | Tracking ID for correlating the upload with an external transfer |
| `resume` | boolean | no | Indicates whether this is a resumption of a previously interrupted upload. Only applicable when a file with the same name already exists. Currently used internally for SFTP transfers only. |

**Responses:**

| Code | Description |
|------|-------------|
| 201 | Upload session successfully created and an upload link returned. |
| 400 | Bad Request  <i>Possible error codes: </i>ERR_REQUEST_INVALID_JSON |
| 401 | Unauthorized  <i>Possible error codes: </i>ERR_AUTH_INVALID_CSRF, ERR_AUTH_UNAUTHORIZED |
| 403 | Forbidden  <i>Possible error codes: </i>ERR_ACCESS_USER, ERR_ENTITY_DLP_LOCKED, ERR_ENTITY_IS_BASE_DIR, ERR_ENTITY_NOT_SCANNED, ERR_ENTITY_RESTRICTED_EXTENSION, ERR_ENTITY_VIRUS_FOUND |
| 413 | Content Too Large  <i>Possible error codes: </i>ERR_SYSTEM_NO_STORAGE_AVAILABLE |
| 422 | Unprocessable Content  <i>Possible error codes: </i>ERR_INPUT_INVALID_DATE, ERR_INPUT_INVALID_FORMAT, ERR_INPUT_MAX_VALUE, ERR_INPUT_MIN_VALUE, ERR_INVALID_PARAMETER, ERR_SYSTEM_NO_STORAGE_AVAILABLE, ERR_SYSTEM_NO_AVAILABLE_STORAGE_HOSTS |
| 490 | Request blocked by WAF |

**Response Examples:**

**400 (ERR_REQUEST_INVALID_JSON):**

```json
{
  "errors": [
    {
      "code": "ERR_REQUEST_INVALID_JSON",
      "message": "Invalid json provided"
    }
  ]
}
```

**401 (ERR_AUTH_INVALID_CSRF):**

```json
{
  "errors": [
    {
      "code": "ERR_AUTH_INVALID_CSRF",
      "message": "Invalid CSRF Authentication"
    }
  ]
}
```

**401 (ERR_AUTH_UNAUTHORIZED):**

```json
{
  "errors": [
    {
      "code": "ERR_AUTH_UNAUTHORIZED",
      "message": "Unauthorized"
    }
  ]
}
```

**403 (ERR_ACCESS_USER):**

```json
{
  "errors": [
    {
      "code": "ERR_ACCESS_USER",
      "message": "Insufficient access permissions"
    }
  ]
}
```

**403 (ERR_ENTITY_DLP_LOCKED):**

```json
{
  "errors": [
    {
      "code": "ERR_ENTITY_DLP_LOCKED",
      "message": "One or more files have been quarantined and are not available to download. Please contact your administrator for assistance."
    }
  ]
}
```

**403 (ERR_ENTITY_IS_BASE_DIR):**

```json
{
  "errors": [
    {
      "code": "ERR_ENTITY_IS_BASE_DIR",
      "message": "Operation not permitted on Base Folder"
    }
  ]
}
```

**403 (ERR_ENTITY_NOT_SCANNED):**

```json
{
  "errors": [
    {
      "code": "ERR_ENTITY_NOT_SCANNED",
      "message": "One or more files are undergoing security and privacy scans. Please try again later."
    }
  ]
}
```

**403 (ERR_ENTITY_RESTRICTED_EXTENSION):**

```json
{
  "errors": [
    {
      "code": "ERR_ENTITY_RESTRICTED_EXTENSION",
      "message": "File extension is in exclusion extensions list"
    }
  ]
}
```

**403 (ERR_ENTITY_VIRUS_FOUND):**

```json
{
  "errors": [
    {
      "code": "ERR_ENTITY_VIRUS_FOUND",
      "message": "File is infected"
    }
  ]
}
```

**413 (ERR_SYSTEM_NO_STORAGE_AVAILABLE):**

```json
{
  "errors": [
    {
      "code": "ERR_SYSTEM_NO_STORAGE_AVAILABLE",
      "message": "Folder owner's remaining storage quota does not permit for a file upload of this size."
    }
  ]
}
```

**422 (ERR_INPUT_INVALID_DATE):**

```json
{
  "errors": [
    {
      "code": "ERR_INPUT_INVALID_DATE",
      "message": "The input is not a valid date."
    }
  ]
}
```

**422 (ERR_INPUT_INVALID_FORMAT):**

```json
{
  "errors": [
    {
      "code": "ERR_INPUT_INVALID_FORMAT",
      "message": "The input is invalid."
    }
  ]
}
```

**422 (ERR_INPUT_MAX_VALUE):**

```json
{
  "errors": [
    {
      "code": "ERR_INPUT_MAX_VALUE",
      "message": "The specified input exceed the maximum allowed value."
    }
  ]
}
```

**422 (ERR_INPUT_MIN_VALUE):**

```json
{
  "errors": [
    {
      "code": "ERR_INPUT_MIN_VALUE",
      "message": "The specified input below the minimum allowed value."
    }
  ]
}
```

**422 (ERR_INVALID_PARAMETER):**

```json
{
  "errors": [
    {
      "code": "ERR_INVALID_PARAMETER",
      "message": "Invalid Parameter Exception"
    }
  ]
}
```

**422 (ERR_SYSTEM_NO_STORAGE_AVAILABLE):**

```json
{
  "errors": [
    {
      "code": "ERR_SYSTEM_NO_STORAGE_AVAILABLE",
      "message": "Folder owner's remaining storage quota does not permit for a file upload of this size."
    }
  ]
}
```

**422 (ERR_SYSTEM_NO_AVAILABLE_STORAGE_HOSTS):**

```json
{
  "errors": [
    {
      "code": "ERR_SYSTEM_NO_AVAILABLE_STORAGE_HOSTS",
      "message": "No available storage hosts"
    }
  ]
}
```

**Code Samples:**

**cURL:**

```shell
curl -X POST \
  "https://{instance}.kiteworks.com/rest/folders/:id/actions/initiateUpload" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
         "filename": "string",
         "totalSize": 1,
         "totalChunks": 1,
         "clientCreated": "2024-01-15",
         "clientModified": "2024-01-15",
         "proximateHost": "string"
       }'
```

**Python:**

```python
import requests

id = "VALUE"  # The unique identifier (UUID) of the entity.

url = f"https://{{instance}}.kiteworks.com/rest/folders/{id}/actions/initiateUpload"
headers = {
    "Authorization": "Bearer YOUR_TOKEN",
    "Content-Type": "application/json",
}
payload = {
  "filename": "string",
  "totalSize": 1,
  "totalChunks": 1,
  "clientCreated": "2024-01-15",
  "clientModified": "2024-01-15",
  "proximateHost": "string"
}
response = requests.post(url, headers=headers, json=payload)
print(response.json())
```

---

## POST /rest/requestFile/{ref}/actions/initiateUpload

**Summary:** Initiate a file upload session for a request file

### Description:
  Creates an upload session for a file to be uploaded to a request file. Once the session is created, an upload link is returned which can be used to upload the file in chunks.
### Precondition:
  The caller must have access to the request file for uploading.
### Response:
  The upload session is created and an upload link is returned for subsequent chunk uploads.

**Parameters:**

| Name | In | Required | Description |
|------|----|----------|-------------|
| `ref` | path | yes | The unique reference of the Request File upload link. |

**Request Body:**

| Property | Type | Required | Description |
|----------|------|----------|-------------|
| `filename` | string | yes | Name of the file to be uploaded. |
| `totalSize` | integer | no | Total size of the file to be uploaded, in bytes. |
| `totalChunks` | integer | no | Total number of chunks the file will be split into. Must be at least 1. |
| `clientCreated` | string | no | File creation timestamp as reported by the client (e.g. from the OS or browser). |
| `clientModified` | string | no | File last-modified timestamp as reported by the client (e.g. from the OS or browser). |
| `proximateHost` | string | no | Proximate hostname used to direct client uploads to the nearest available storage endpoint. |
| `tracking_id` | string | no | Tracking ID for correlating the upload with an external transfer |
| `resume` | boolean | no | Indicates whether this is a resumption of a previously interrupted upload. Only applicable when a file with the same name already exists. Currently used internally for SFTP transfers only. |

**Responses:**

| Code | Description |
|------|-------------|
| 201 | Upload session successfully created and an upload link returned. |
| 400 | Bad Request  <i>Possible error codes: </i>ERR_REQUEST_INVALID_JSON |
| 401 | Unauthorized  <i>Possible error codes: </i>ERR_AUTH_INVALID_CSRF, ERR_AUTH_UNAUTHORIZED |
| 403 | Forbidden  <i>Possible error codes: </i>ERR_ACCESS_USER, ERR_ENTITY_IS_BASE_DIR, ERR_ENTITY_REQUEST_FILE_UPLOAD_LIMIT_REACHED, ERR_ENTITY_RESTRICTED_EXTENSION |
| 413 | Content Too Large  <i>Possible error codes: </i>ERR_SYSTEM_NO_STORAGE_AVAILABLE |
| 422 | Unprocessable Content  <i>Possible error codes: </i>ERR_INPUT_INVALID_DATE, ERR_INPUT_INVALID_FORMAT, ERR_INPUT_MAX_VALUE, ERR_INPUT_MIN_VALUE, ERR_INVALID_PARAMETER, ERR_SYSTEM_NO_AVAILABLE_STORAGE_HOSTS |
| 490 | Request blocked by WAF |

**Response Examples:**

**400 (ERR_REQUEST_INVALID_JSON):**

```json
{
  "errors": [
    {
      "code": "ERR_REQUEST_INVALID_JSON",
      "message": "Invalid json provided"
    }
  ]
}
```

**401 (ERR_AUTH_INVALID_CSRF):**

```json
{
  "errors": [
    {
      "code": "ERR_AUTH_INVALID_CSRF",
      "message": "Invalid CSRF Authentication"
    }
  ]
}
```

**401 (ERR_AUTH_UNAUTHORIZED):**

```json
{
  "errors": [
    {
      "code": "ERR_AUTH_UNAUTHORIZED",
      "message": "Unauthorized"
    }
  ]
}
```

**403 (ERR_ACCESS_USER):**

```json
{
  "errors": [
    {
      "code": "ERR_ACCESS_USER",
      "message": "Insufficient access permissions"
    }
  ]
}
```

**403 (ERR_ENTITY_IS_BASE_DIR):**

```json
{
  "errors": [
    {
      "code": "ERR_ENTITY_IS_BASE_DIR",
      "message": "Operation not permitted on Base Folder"
    }
  ]
}
```

**403 (ERR_ENTITY_REQUEST_FILE_UPLOAD_LIMIT_REACHED):**

```json
{
  "errors": [
    {
      "code": "ERR_ENTITY_REQUEST_FILE_UPLOAD_LIMIT_REACHED",
      "message": "Upload limit has reached."
    }
  ]
}
```

**403 (ERR_ENTITY_RESTRICTED_EXTENSION):**

```json
{
  "errors": [
    {
      "code": "ERR_ENTITY_RESTRICTED_EXTENSION",
      "message": "File extension is in exclusion extensions list"
    }
  ]
}
```

**413 (ERR_SYSTEM_NO_STORAGE_AVAILABLE):**

```json
{
  "errors": [
    {
      "code": "ERR_SYSTEM_NO_STORAGE_AVAILABLE",
      "message": "Folder owner's remaining storage quota does not permit for a file upload of this size."
    }
  ]
}
```

**422 (ERR_INPUT_INVALID_DATE):**

```json
{
  "errors": [
    {
      "code": "ERR_INPUT_INVALID_DATE",
      "message": "The input is not a valid date."
    }
  ]
}
```

**422 (ERR_INPUT_INVALID_FORMAT):**

```json
{
  "errors": [
    {
      "code": "ERR_INPUT_INVALID_FORMAT",
      "message": "The input is invalid."
    }
  ]
}
```

**422 (ERR_INPUT_MAX_VALUE):**

```json
{
  "errors": [
    {
      "code": "ERR_INPUT_MAX_VALUE",
      "message": "The specified input exceed the maximum allowed value."
    }
  ]
}
```

**422 (ERR_INPUT_MIN_VALUE):**

```json
{
  "errors": [
    {
      "code": "ERR_INPUT_MIN_VALUE",
      "message": "The specified input below the minimum allowed value."
    }
  ]
}
```

**422 (ERR_INVALID_PARAMETER):**

```json
{
  "errors": [
    {
      "code": "ERR_INVALID_PARAMETER",
      "message": "Invalid Parameter Exception"
    }
  ]
}
```

**422 (ERR_SYSTEM_NO_AVAILABLE_STORAGE_HOSTS):**

```json
{
  "errors": [
    {
      "code": "ERR_SYSTEM_NO_AVAILABLE_STORAGE_HOSTS",
      "message": "No available storage hosts"
    }
  ]
}
```

**Code Samples:**

**cURL:**

```shell
curl -X POST \
  "https://{instance}.kiteworks.com/rest/requestFile/:ref/actions/initiateUpload" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
         "filename": "string",
         "totalSize": 1,
         "totalChunks": 1,
         "clientCreated": "2024-01-15",
         "clientModified": "2024-01-15",
         "proximateHost": "string"
       }'
```

**Python:**

```python
import requests

ref = "VALUE"  # The unique reference of the Request File upload link.

url = f"https://{{instance}}.kiteworks.com/rest/requestFile/{ref}/actions/initiateUpload"
headers = {
    "Authorization": "Bearer YOUR_TOKEN",
    "Content-Type": "application/json",
}
payload = {
  "filename": "string",
  "totalSize": 1,
  "totalChunks": 1,
  "clientCreated": "2024-01-15",
  "clientModified": "2024-01-15",
  "proximateHost": "string"
}
response = requests.post(url, headers=headers, json=payload)
print(response.json())
```

---

## POST /rest/mail/{id}/actions/initiateUpload

**Summary:** Initiate a file upload session for an email attachment

### Description:
  Creates an upload session for a file to be attached to an email. Once the session is created, an upload link is returned which can be used to upload the attachment in chunks.
### Precondition:
  The user must be the sender of the email.
### Response:
  The upload session is created and an upload link is returned for subsequent chunk uploads.

**Parameters:**

| Name | In | Required | Description |
|------|----|----------|-------------|
| `id` | path | yes | The unique identifier (UUID) of the email. |

**Request Body:**

| Property | Type | Required | Description |
|----------|------|----------|-------------|
| `filename` | string | yes | Name of the file to be uploaded. |
| `totalSize` | integer | no | Total size of the file to be uploaded, in bytes. |
| `totalChunks` | integer | no | Total number of chunks the file will be split into. Must be at least 1. |
| `clientCreated` | string | no | File creation timestamp as reported by the client (e.g. from the OS or browser). |
| `clientModified` | string | no | File last-modified timestamp as reported by the client (e.g. from the OS or browser). |
| `proximateHost` | string | no | Proximate hostname used to direct client uploads to the nearest available storage endpoint. |
| `tracking_id` | string | no | Tracking ID for correlating the upload with an external transfer |
| `resume` | boolean | no | Indicates whether this is a resumption of a previously interrupted upload. Only applicable when a file with the same name already exists. Currently used internally for SFTP transfers only. |

**Responses:**

| Code | Description |
|------|-------------|
| 201 | Upload session successfully created and an upload link returned. |
| 400 | Bad Request  <i>Possible error codes: </i>ERR_REQUEST_INVALID_JSON |
| 401 | Unauthorized  <i>Possible error codes: </i>ERR_AUTH_INVALID_CSRF, ERR_AUTH_UNAUTHORIZED |
| 403 | Forbidden  <i>Possible error codes: </i>ERR_ACCESS_USER, ERR_ENTITY_IS_BASE_DIR, ERR_ENTITY_RESTRICTED_EXTENSION |
| 413 | Content Too Large  <i>Possible error codes: </i>ERR_SYSTEM_NO_STORAGE_AVAILABLE |
| 422 | Unprocessable Content  <i>Possible error codes: </i>ERR_INPUT_INVALID_DATE, ERR_INPUT_INVALID_FORMAT, ERR_INPUT_MAX_VALUE, ERR_INPUT_MIN_VALUE, ERR_INVALID_PARAMETER, ERR_SYSTEM_NO_AVAILABLE_STORAGE_HOSTS |
| 490 | Request blocked by WAF |

**Response Examples:**

**400 (ERR_REQUEST_INVALID_JSON):**

```json
{
  "errors": [
    {
      "code": "ERR_REQUEST_INVALID_JSON",
      "message": "Invalid json provided"
    }
  ]
}
```

**401 (ERR_AUTH_INVALID_CSRF):**

```json
{
  "errors": [
    {
      "code": "ERR_AUTH_INVALID_CSRF",
      "message": "Invalid CSRF Authentication"
    }
  ]
}
```

**401 (ERR_AUTH_UNAUTHORIZED):**

```json
{
  "errors": [
    {
      "code": "ERR_AUTH_UNAUTHORIZED",
      "message": "Unauthorized"
    }
  ]
}
```

**403 (ERR_ACCESS_USER):**

```json
{
  "errors": [
    {
      "code": "ERR_ACCESS_USER",
      "message": "Insufficient access permissions"
    }
  ]
}
```

**403 (ERR_ENTITY_IS_BASE_DIR):**

```json
{
  "errors": [
    {
      "code": "ERR_ENTITY_IS_BASE_DIR",
      "message": "Operation not permitted on Base Folder"
    }
  ]
}
```

**403 (ERR_ENTITY_RESTRICTED_EXTENSION):**

```json
{
  "errors": [
    {
      "code": "ERR_ENTITY_RESTRICTED_EXTENSION",
      "message": "File extension is in exclusion extensions list"
    }
  ]
}
```

**413 (ERR_SYSTEM_NO_STORAGE_AVAILABLE):**

```json
{
  "errors": [
    {
      "code": "ERR_SYSTEM_NO_STORAGE_AVAILABLE",
      "message": "Folder owner's remaining storage quota does not permit for a file upload of this size."
    }
  ]
}
```

**422 (ERR_INPUT_INVALID_DATE):**

```json
{
  "errors": [
    {
      "code": "ERR_INPUT_INVALID_DATE",
      "message": "The input is not a valid date."
    }
  ]
}
```

**422 (ERR_INPUT_INVALID_FORMAT):**

```json
{
  "errors": [
    {
      "code": "ERR_INPUT_INVALID_FORMAT",
      "message": "The input is invalid."
    }
  ]
}
```

**422 (ERR_INPUT_MAX_VALUE):**

```json
{
  "errors": [
    {
      "code": "ERR_INPUT_MAX_VALUE",
      "message": "The specified input exceed the maximum allowed value."
    }
  ]
}
```

**422 (ERR_INPUT_MIN_VALUE):**

```json
{
  "errors": [
    {
      "code": "ERR_INPUT_MIN_VALUE",
      "message": "The specified input below the minimum allowed value."
    }
  ]
}
```

**422 (ERR_INVALID_PARAMETER):**

```json
{
  "errors": [
    {
      "code": "ERR_INVALID_PARAMETER",
      "message": "Invalid Parameter Exception"
    }
  ]
}
```

**422 (ERR_SYSTEM_NO_AVAILABLE_STORAGE_HOSTS):**

```json
{
  "errors": [
    {
      "code": "ERR_SYSTEM_NO_AVAILABLE_STORAGE_HOSTS",
      "message": "No available storage hosts"
    }
  ]
}
```

**Code Samples:**

**cURL:**

```shell
curl -X POST \
  "https://{instance}.kiteworks.com/rest/mail/:id/actions/initiateUpload" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
         "filename": "string",
         "totalSize": 1,
         "totalChunks": 1,
         "clientCreated": "2024-01-15",
         "clientModified": "2024-01-15",
         "proximateHost": "string"
       }'
```

**Python:**

```python
import requests

id = "VALUE"  # The unique identifier (UUID) of the email.

url = f"https://{{instance}}.kiteworks.com/rest/mail/{id}/actions/initiateUpload"
headers = {
    "Authorization": "Bearer YOUR_TOKEN",
    "Content-Type": "application/json",
}
payload = {
  "filename": "string",
  "totalSize": 1,
  "totalChunks": 1,
  "clientCreated": "2024-01-15",
  "clientModified": "2024-01-15",
  "proximateHost": "string"
}
response = requests.post(url, headers=headers, json=payload)
print(response.json())
```

---

## POST /rest/public/mail/{id}/actions/initiateUpload

**Summary:** Initiate an unauthenticated file upload session for an email attachment

### Description:
  Creates an upload session for a file to be attached to an email, without requiring full authentication. Once the session is created, an upload link is returned which can be used to upload the attachment in chunks.
### Precondition:
  The caller must have a valid unauthenticated access context for the specified email.
### Response:
  The upload session is created and an upload link is returned for subsequent chunk uploads.

**Parameters:**

| Name | In | Required | Description |
|------|----|----------|-------------|
| `id` | path | yes | The unique identifier (UUID) of the email. |

**Request Body:**

| Property | Type | Required | Description |
|----------|------|----------|-------------|
| `filename` | string | yes | Name of the file to be uploaded. |
| `totalSize` | integer | no | Total size of the file to be uploaded, in bytes. |
| `totalChunks` | integer | no | Total number of chunks the file will be split into. Must be at least 1. |
| `clientCreated` | string | no | File creation timestamp as reported by the client (e.g. from the OS or browser). |
| `clientModified` | string | no | File last-modified timestamp as reported by the client (e.g. from the OS or browser). |
| `proximateHost` | string | no | Proximate hostname used to direct client uploads to the nearest available storage endpoint. |
| `tracking_id` | string | no | Tracking ID for correlating the upload with an external transfer |
| `resume` | boolean | no | Indicates whether this is a resumption of a previously interrupted upload. Only applicable when a file with the same name already exists. Currently used internally for SFTP transfers only. |

**Responses:**

| Code | Description |
|------|-------------|
| 201 | Upload session successfully created and an upload link returned. |
| 400 | Bad Request  <i>Possible error codes: </i>ERR_REQUEST_INVALID_JSON |
| 401 | Unauthorized  <i>Possible error codes: </i>ERR_AUTH_INVALID_CSRF, ERR_AUTH_UNAUTHORIZED |
| 403 | Forbidden  <i>Possible error codes: </i>ERR_ACCESS_USER, ERR_ENTITY_IS_BASE_DIR, ERR_ENTITY_RESTRICTED_EXTENSION |
| 413 | Content Too Large  <i>Possible error codes: </i>ERR_SYSTEM_NO_STORAGE_AVAILABLE |
| 422 | Unprocessable Content  <i>Possible error codes: </i>ERR_INPUT_INVALID_DATE, ERR_INPUT_INVALID_FORMAT, ERR_INPUT_MAX_VALUE, ERR_INPUT_MIN_VALUE, ERR_INVALID_PARAMETER, ERR_SYSTEM_NO_AVAILABLE_STORAGE_HOSTS |
| 490 | Request blocked by WAF |

**Response Examples:**

**400 (ERR_REQUEST_INVALID_JSON):**

```json
{
  "errors": [
    {
      "code": "ERR_REQUEST_INVALID_JSON",
      "message": "Invalid json provided"
    }
  ]
}
```

**401 (ERR_AUTH_INVALID_CSRF):**

```json
{
  "errors": [
    {
      "code": "ERR_AUTH_INVALID_CSRF",
      "message": "Invalid CSRF Authentication"
    }
  ]
}
```

**401 (ERR_AUTH_UNAUTHORIZED):**

```json
{
  "errors": [
    {
      "code": "ERR_AUTH_UNAUTHORIZED",
      "message": "Unauthorized"
    }
  ]
}
```

**403 (ERR_ACCESS_USER):**

```json
{
  "errors": [
    {
      "code": "ERR_ACCESS_USER",
      "message": "Insufficient access permissions"
    }
  ]
}
```

**403 (ERR_ENTITY_IS_BASE_DIR):**

```json
{
  "errors": [
    {
      "code": "ERR_ENTITY_IS_BASE_DIR",
      "message": "Operation not permitted on Base Folder"
    }
  ]
}
```

**403 (ERR_ENTITY_RESTRICTED_EXTENSION):**

```json
{
  "errors": [
    {
      "code": "ERR_ENTITY_RESTRICTED_EXTENSION",
      "message": "File extension is in exclusion extensions list"
    }
  ]
}
```

**413 (ERR_SYSTEM_NO_STORAGE_AVAILABLE):**

```json
{
  "errors": [
    {
      "code": "ERR_SYSTEM_NO_STORAGE_AVAILABLE",
      "message": "Folder owner's remaining storage quota does not permit for a file upload of this size."
    }
  ]
}
```

**422 (ERR_INPUT_INVALID_DATE):**

```json
{
  "errors": [
    {
      "code": "ERR_INPUT_INVALID_DATE",
      "message": "The input is not a valid date."
    }
  ]
}
```

**422 (ERR_INPUT_INVALID_FORMAT):**

```json
{
  "errors": [
    {
      "code": "ERR_INPUT_INVALID_FORMAT",
      "message": "The input is invalid."
    }
  ]
}
```

**422 (ERR_INPUT_MAX_VALUE):**

```json
{
  "errors": [
    {
      "code": "ERR_INPUT_MAX_VALUE",
      "message": "The specified input exceed the maximum allowed value."
    }
  ]
}
```

**422 (ERR_INPUT_MIN_VALUE):**

```json
{
  "errors": [
    {
      "code": "ERR_INPUT_MIN_VALUE",
      "message": "The specified input below the minimum allowed value."
    }
  ]
}
```

**422 (ERR_INVALID_PARAMETER):**

```json
{
  "errors": [
    {
      "code": "ERR_INVALID_PARAMETER",
      "message": "Invalid Parameter Exception"
    }
  ]
}
```

**422 (ERR_SYSTEM_NO_AVAILABLE_STORAGE_HOSTS):**

```json
{
  "errors": [
    {
      "code": "ERR_SYSTEM_NO_AVAILABLE_STORAGE_HOSTS",
      "message": "No available storage hosts"
    }
  ]
}
```

**Code Samples:**

**cURL:**

```shell
curl -X POST \
  "https://{instance}.kiteworks.com/rest/public/mail/:id/actions/initiateUpload" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
         "filename": "string",
         "totalSize": 1,
         "totalChunks": 1,
         "clientCreated": "2024-01-15",
         "clientModified": "2024-01-15",
         "proximateHost": "string"
       }'
```

**Python:**

```python
import requests

id = "VALUE"  # The unique identifier (UUID) of the email.

url = f"https://{{instance}}.kiteworks.com/rest/public/mail/{id}/actions/initiateUpload"
headers = {
    "Authorization": "Bearer YOUR_TOKEN",
    "Content-Type": "application/json",
}
payload = {
  "filename": "string",
  "totalSize": 1,
  "totalChunks": 1,
  "clientCreated": "2024-01-15",
  "clientModified": "2024-01-15",
  "proximateHost": "string"
}
response = requests.post(url, headers=headers, json=payload)
print(response.json())
```

---

## POST /rest/files/{id}/actions/initiateUpload

**Summary:** Initiate an upload session for a new file version

### Description:
  Creates an upload session to add a new version of an existing file. Once the session is created, an upload link is returned which can be used to upload the new version in chunks.
### Precondition:
  The user must have `version_created` permission for the specified file.
### Response:
  The upload session is created and an upload link is returned for subsequent chunk uploads.

**Parameters:**

| Name | In | Required | Description |
|------|----|----------|-------------|
| `id` | path | yes | The unique identifier (UUID) of the entity. |

**Request Body:**

| Property | Type | Required | Description |
|----------|------|----------|-------------|
| `filename` | string | yes | Name of the file to be uploaded. |
| `totalSize` | integer | no | Total size of the file to be uploaded, in bytes. |
| `totalChunks` | integer | no | Total number of chunks the file will be split into. Must be at least 1. |
| `clientCreated` | string | no | File creation timestamp as reported by the client (e.g. from the OS or browser). |
| `clientModified` | string | no | File last-modified timestamp as reported by the client (e.g. from the OS or browser). |
| `proximateHost` | string | no | Proximate hostname used to direct client uploads to the nearest available storage endpoint. |
| `tracking_id` | string | no | Tracking ID for correlating the upload with an external transfer |
| `resume` | boolean | no | Indicates whether this is a resumption of a previously interrupted upload. Only applicable when a file with the same name already exists. Currently used internally for SFTP transfers only. |

**Responses:**

| Code | Description |
|------|-------------|
| 201 | Upload session successfully created and an upload link returned. |
| 400 | Bad Request  <i>Possible error codes: </i>ERR_REQUEST_INVALID_JSON |
| 401 | Unauthorized  <i>Possible error codes: </i>ERR_AUTH_INVALID_CSRF, ERR_AUTH_UNAUTHORIZED |
| 403 | Forbidden  <i>Possible error codes: </i>ERR_ACCESS_USER, ERR_ENTITY_DLP_LOCKED, ERR_ENTITY_IS_BASE_DIR, ERR_ENTITY_NOT_SCANNED, ERR_ENTITY_RESTRICTED_EXTENSION, ERR_ENTITY_VIRUS_FOUND |
| 413 | Content Too Large  <i>Possible error codes: </i>ERR_SYSTEM_NO_STORAGE_AVAILABLE |
| 422 | Unprocessable Content  <i>Possible error codes: </i>ERR_INPUT_INVALID_DATE, ERR_INPUT_INVALID_FORMAT, ERR_INPUT_MAX_VALUE, ERR_INPUT_MIN_VALUE, ERR_INVALID_PARAMETER, ERR_SYSTEM_NO_AVAILABLE_STORAGE_HOSTS |
| 490 | Request blocked by WAF |

**Response Examples:**

**400 (ERR_REQUEST_INVALID_JSON):**

```json
{
  "errors": [
    {
      "code": "ERR_REQUEST_INVALID_JSON",
      "message": "Invalid json provided"
    }
  ]
}
```

**401 (ERR_AUTH_INVALID_CSRF):**

```json
{
  "errors": [
    {
      "code": "ERR_AUTH_INVALID_CSRF",
      "message": "Invalid CSRF Authentication"
    }
  ]
}
```

**401 (ERR_AUTH_UNAUTHORIZED):**

```json
{
  "errors": [
    {
      "code": "ERR_AUTH_UNAUTHORIZED",
      "message": "Unauthorized"
    }
  ]
}
```

**403 (ERR_ACCESS_USER):**

```json
{
  "errors": [
    {
      "code": "ERR_ACCESS_USER",
      "message": "Insufficient access permissions"
    }
  ]
}
```

**403 (ERR_ENTITY_DLP_LOCKED):**

```json
{
  "errors": [
    {
      "code": "ERR_ENTITY_DLP_LOCKED",
      "message": "One or more files have been quarantined and are not available to download. Please contact your administrator for assistance."
    }
  ]
}
```

**403 (ERR_ENTITY_IS_BASE_DIR):**

```json
{
  "errors": [
    {
      "code": "ERR_ENTITY_IS_BASE_DIR",
      "message": "Operation not permitted on Base Folder"
    }
  ]
}
```

**403 (ERR_ENTITY_NOT_SCANNED):**

```json
{
  "errors": [
    {
      "code": "ERR_ENTITY_NOT_SCANNED",
      "message": "One or more files are undergoing security and privacy scans. Please try again later."
    }
  ]
}
```

**403 (ERR_ENTITY_RESTRICTED_EXTENSION):**

```json
{
  "errors": [
    {
      "code": "ERR_ENTITY_RESTRICTED_EXTENSION",
      "message": "File extension is in exclusion extensions list"
    }
  ]
}
```

**403 (ERR_ENTITY_VIRUS_FOUND):**

```json
{
  "errors": [
    {
      "code": "ERR_ENTITY_VIRUS_FOUND",
      "message": "File is infected"
    }
  ]
}
```

**413 (ERR_SYSTEM_NO_STORAGE_AVAILABLE):**

```json
{
  "errors": [
    {
      "code": "ERR_SYSTEM_NO_STORAGE_AVAILABLE",
      "message": "Folder owner's remaining storage quota does not permit for a file upload of this size."
    }
  ]
}
```

**422 (ERR_INPUT_INVALID_DATE):**

```json
{
  "errors": [
    {
      "code": "ERR_INPUT_INVALID_DATE",
      "message": "The input is not a valid date."
    }
  ]
}
```

**422 (ERR_INPUT_INVALID_FORMAT):**

```json
{
  "errors": [
    {
      "code": "ERR_INPUT_INVALID_FORMAT",
      "message": "The input is invalid."
    }
  ]
}
```

**422 (ERR_INPUT_MAX_VALUE):**

```json
{
  "errors": [
    {
      "code": "ERR_INPUT_MAX_VALUE",
      "message": "The specified input exceed the maximum allowed value."
    }
  ]
}
```

**422 (ERR_INPUT_MIN_VALUE):**

```json
{
  "errors": [
    {
      "code": "ERR_INPUT_MIN_VALUE",
      "message": "The specified input below the minimum allowed value."
    }
  ]
}
```

**422 (ERR_INVALID_PARAMETER):**

```json
{
  "errors": [
    {
      "code": "ERR_INVALID_PARAMETER",
      "message": "Invalid Parameter Exception"
    }
  ]
}
```

**422 (ERR_SYSTEM_NO_AVAILABLE_STORAGE_HOSTS):**

```json
{
  "errors": [
    {
      "code": "ERR_SYSTEM_NO_AVAILABLE_STORAGE_HOSTS",
      "message": "No available storage hosts"
    }
  ]
}
```

**Code Samples:**

**cURL:**

```shell
curl -X POST \
  "https://{instance}.kiteworks.com/rest/files/:id/actions/initiateUpload" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
         "filename": "string",
         "totalSize": 1,
         "totalChunks": 1,
         "clientCreated": "2024-01-15",
         "clientModified": "2024-01-15",
         "proximateHost": "string"
       }'
```

**Python:**

```python
import requests

id = "VALUE"  # The unique identifier (UUID) of the entity.

url = f"https://{{instance}}.kiteworks.com/rest/files/{id}/actions/initiateUpload"
headers = {
    "Authorization": "Bearer YOUR_TOKEN",
    "Content-Type": "application/json",
}
payload = {
  "filename": "string",
  "totalSize": 1,
  "totalChunks": 1,
  "clientCreated": "2024-01-15",
  "clientModified": "2024-01-15",
  "proximateHost": "string"
}
response = requests.post(url, headers=headers, json=payload)
print(response.json())
```

---

## POST /{host_name}/rest/uploads/{id}

**Summary:** Upload a file chunk

### Description:
  Uploads a single chunk of a file to the server using the upload link obtained from an initiate-upload call. The file is reconstructed server-side once all chunks are received.
### Precondition:
  * The caller must hold a valid upload link.
  * The client must split the file into chunks before uploading.
  * Chunks must be uploaded sequentially, starting from index 1.
### Response:
  Returns the updated upload session after each intermediate chunk, and the completed file record after the final chunk.

**Parameters:**

| Name | In | Required | Description |
|------|----|----------|-------------|
| `host_name` | path | yes | The upload host name, which can be retrieved from GET /uploads/{id} or the initiateUpload response. |
| `id` | path | yes | The unique identifier of the upload. |
| `returnEntity` | query | no | If true, includes the entity in the response body. |
| `with` | query | no | Specifies additional fields to include in the response. |
| `mode` | query | no | Determines the detail level of the response body. |

**Request Body:**

| Property | Type | Required | Description |
|----------|------|----------|-------------|
| `compressionMode` | string | yes | The compression algorithm applied to this chunk. `NORMAL` – No compression; the chunk is sent as-is. `GZIP` – Chunk is compressed using GZIP. `ZLIB` – Chunk is compressed using ZLIB. |
| `compressionSize` | integer | yes | The size of the chunk after compression. |
| `content` | string | yes | The content of the chunk. If the request is in JSON format, this will be base64-encoded. |
| `originalSize` | integer | yes | The original upload content size before compression. |
| `index` | integer | no | The sequential index of the chunk (starts from 1). |
| `lastChunk` | integer | no | Indicates if this is the last chunk of the file (1 if last, 0 otherwise). |

**Responses:**

| Code | Description |
|------|-------------|
| 200 | The current chunk upload is successfully received but not yet registered to the server. |
| 201 | File uploaded successfully and is registered to the server after the last chunk is received. |
| 400 | Bad Request  <i>Possible error codes: </i>ERR_REQUEST_INVALID_JSON |
| 401 | Unauthorized  <i>Possible error codes: </i>ERR_AUTH_INVALID_CSRF, ERR_AUTH_UNAUTHORIZED |
| 403 | Forbidden  <i>Possible error codes: </i>ERR_ACCESS_USER, ERR_ENTITY_DLP_LOCKED, ERR_ENTITY_IS_BASE_DIR, ERR_ENTITY_NOT_SCANNED, ERR_ENTITY_REQUEST_FILE_UPLOAD_LIMIT_REACHED, ERR_ENTITY_RESTRICTED_TYPE, ERR_ENTITY_VIRUS_FOUND |
| 422 | Unprocessable Content  <i>Possible error codes: </i>ERR_INPUT_NOT_IN_LIST, ERR_INVALID_PARAMETER, ERR_LICENSE_MAX_UPLOAD_SIZE |
| 490 | Request blocked by WAF |

**Response Examples:**

**400 (ERR_REQUEST_INVALID_JSON):**

```json
{
  "errors": [
    {
      "code": "ERR_REQUEST_INVALID_JSON",
      "message": "Invalid json provided"
    }
  ]
}
```

**401 (ERR_AUTH_INVALID_CSRF):**

```json
{
  "errors": [
    {
      "code": "ERR_AUTH_INVALID_CSRF",
      "message": "Invalid CSRF Authentication"
    }
  ]
}
```

**401 (ERR_AUTH_UNAUTHORIZED):**

```json
{
  "errors": [
    {
      "code": "ERR_AUTH_UNAUTHORIZED",
      "message": "Unauthorized"
    }
  ]
}
```

**403 (ERR_ACCESS_USER):**

```json
{
  "errors": [
    {
      "code": "ERR_ACCESS_USER",
      "message": "Insufficient access permissions"
    }
  ]
}
```

**403 (ERR_ENTITY_DLP_LOCKED):**

```json
{
  "errors": [
    {
      "code": "ERR_ENTITY_DLP_LOCKED",
      "message": "One or more files have been quarantined and are not available to download. Please contact your administrator for assistance."
    }
  ]
}
```

**403 (ERR_ENTITY_IS_BASE_DIR):**

```json
{
  "errors": [
    {
      "code": "ERR_ENTITY_IS_BASE_DIR",
      "message": "Operation not permitted on Base Folder"
    }
  ]
}
```

**403 (ERR_ENTITY_NOT_SCANNED):**

```json
{
  "errors": [
    {
      "code": "ERR_ENTITY_NOT_SCANNED",
      "message": "One or more files are undergoing security and privacy scans. Please try again later."
    }
  ]
}
```

**403 (ERR_ENTITY_REQUEST_FILE_UPLOAD_LIMIT_REACHED):**

```json
{
  "errors": [
    {
      "code": "ERR_ENTITY_REQUEST_FILE_UPLOAD_LIMIT_REACHED",
      "message": "Upload limit has reached."
    }
  ]
}
```

**403 (ERR_ENTITY_RESTRICTED_TYPE):**

```json
{
  "errors": [
    {
      "code": "ERR_ENTITY_RESTRICTED_TYPE",
      "message": "The specified entity mime type is not allowed."
    }
  ]
}
```

**403 (ERR_ENTITY_VIRUS_FOUND):**

```json
{
  "errors": [
    {
      "code": "ERR_ENTITY_VIRUS_FOUND",
      "message": "File is infected"
    }
  ]
}
```

**422 (ERR_INPUT_NOT_IN_LIST):**

```json
{
  "errors": [
    {
      "code": "ERR_INPUT_NOT_IN_LIST",
      "message": "The specified input is not allowed."
    }
  ]
}
```

**422 (ERR_INVALID_PARAMETER):**

```json
{
  "errors": [
    {
      "code": "ERR_INVALID_PARAMETER",
      "message": "Invalid Parameter Exception"
    }
  ]
}
```

**422 (ERR_LICENSE_MAX_UPLOAD_SIZE):**

```json
{
  "errors": [
    {
      "code": "ERR_LICENSE_MAX_UPLOAD_SIZE",
      "message": "Upload size exceed licensed maximum upload size"
    }
  ]
}
```

**Code Samples:**

**cURL:**

```shell
curl -X POST \
  "https://{instance}.kiteworks.com/:host_name/rest/uploads/:id" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
         "compressionMode": "NORMAL",
         "compressionSize": 1,
         "content": "string",
         "originalSize": 1,
         "index": 1,
         "lastChunk": 1
       }'
```

**Python:**

```python
import requests

host_name = "VALUE"  # The upload host name, which can be retrieved from GET /uploads/{id} or the initiateUpload response.
id = "VALUE"  # The unique identifier of the upload.

url = f"https://{{instance}}.kiteworks.com/{host_name}/rest/uploads/{id}"
headers = {
    "Authorization": "Bearer YOUR_TOKEN",
    "Content-Type": "application/json",
}
payload = {
  "compressionMode": "NORMAL",
  "compressionSize": 1,
  "content": "string",
  "originalSize": 1,
  "index": 1,
  "lastChunk": 1
}
response = requests.post(url, headers=headers, json=payload)
print(response.json())
```

---
