Manage Folders with the Kiteworks REST API
Folders are the primary container for all content in Kiteworks. This guide walks through the four foundational operations in the order you'll use them: discover what exists, navigate into it, inspect its contents, then create new structure within it.
In this guide
- List top-level folders — retrieve all root folders and their IDs
- List child folders — navigate into a folder to see its subfolders
- List files in a folder — inspect the files contained in any folder
- Create a folder — create a top-level or nested folder using an ID from steps 1 or 2
Authorization header. The Python
samples import KWOAuthClient from a get_access_token module — see
Authentication
for the implementation of this helper.
X-Accellion-Version: 28 header. Omitting it or
supplying an unsupported value will return an error.
1. List Top-Level Folders
Start here. This request returns all root folders accessible to the authenticated user.
The id value on each folder is what you'll pass as parent_folder_id
to navigate deeper or to create a nested folder.
/rest/folders/top
Query parameters
All parameters are optional.
| Parameter | Type | Description |
|---|---|---|
orderBy | string | Sort field and direction — e.g. name:asc. See Sorting. |
offset | integer | Number of records to skip. See Pagination. |
limit | integer | Maximum number of folders to return. |
deleted | string | Filter by deletion status: true, false, or none. |
curl -X GET "{base_url}/rest/folders/top" \
-H "X-Accellion-Version: 28" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json"
import requests
from get_access_token import KWOAuthClient
def list_top_level_folders(base_url, access_token):
"""Return all top-level folders accessible to the authenticated user."""
url = f"{base_url}/rest/folders/top"
headers = {
"X-Accellion-Version": "28",
"Authorization": f"Bearer {access_token}",
"Content-Type": "application/json",
}
params = {
# "orderBy": "name:asc",
# "offset": 0,
# "limit": 10,
# "deleted": "false",
}
response = requests.get(url, headers=headers, params=params)
response.raise_for_status()
return response.json()
def main():
base_url = input("Enter Base URL for Kiteworks instance: ")
client = KWOAuthClient(base_url)
access_token = client.get_access_token()
folders = list_top_level_folders(base_url, access_token)
print(folders)
if __name__ == "__main__":
main()
Example response
Returns 200 OK with an array of folder objects. The id field is what you'll pass as parent_folder_id in the next steps.
[
{
"id": "b111c222-d333-e444-f555-a666777888bbb",
"name": "My Folder",
"description": "My folder for testing purposes",
"parentId": "0",
"path": "My Folder",
"type": "d",
"isShared": true,
"secure": false,
"syncable": true,
"userId": "a111b222-c333-d444-e555-f666777888aaa",
"creator": {
"id": "a111b222-c333-d444-e555-f666777888aaa",
"name": "jane.doe@example.com",
"email": "jane.doe@example.com"
},
"created": "2014-01-20T23:01:39+0000",
"modified": "2025-11-07T15:06:25+0000",
"permalink": "https://content.example.com/w/f-b111c222-d333-e444-f555-a666777888bbb"
}
]
2. List Child Folders
Use an id from step 1 to retrieve that folder's immediate subfolders.
Repeat at each level to traverse the full folder tree.
/rest/folders/{parent_folder_id}/folders
Path parameters
| Parameter | Type | Description |
|---|---|---|
parent_folder_id | string (UUID) | The id of the folder whose subfolders you want to retrieve. |
Query parameters
All parameters are optional.
| Parameter | Type | Description |
|---|---|---|
name | string | Filter by exact folder name. |
name:contains | string | Filter folders whose name contains the given substring. |
userId | string | Filter by the UUID of the folder's creator. |
deleted | string | Filter by deletion status: true or false. |
secure | string | Filter by secure flag: true or false. |
orderBy | string | Sort field and direction — e.g. name:asc. |
offset | integer | Pagination offset. |
limit | integer | Maximum number of results to return. |
# Use the id value returned in step 1
curl -X GET "$KW_INSTANCE_URL/rest/folders/b111c222-d333-e444-f555-a666777888bbb/folders" \
-H "X-Accellion-Version: 28" \
-H "Authorization: Bearer $KW_ACCESS_TOKEN" \
-H "Content-Type: application/json"
import requests
from get_access_token import KWOAuthClient
def list_child_folders(base_url, access_token, parent_folder_id):
"""Return the immediate subfolders of the given parent folder."""
url = f"{base_url}/rest/folders/{parent_folder_id}/folders"
headers = {
"X-Accellion-Version": "28",
"Authorization": f"Bearer {access_token}",
"Content-Type": "application/json",
}
params = {
# "name": "My Sub-folder",
# "name:contains": "Sub",
# "deleted": "false",
# "orderBy": "name:asc",
# "offset": 0,
# "limit": 10,
}
response = requests.get(url, headers=headers, params=params)
response.raise_for_status()
return response.json().get("data", [])
def main():
base_url = input("Enter Base URL for Kiteworks instance: ")
client = KWOAuthClient(base_url)
access_token = client.get_access_token()
folder_id = input("Enter parent folder ID: ")
folders = list_child_folders(base_url, access_token, folder_id)
print(folders)
if __name__ == "__main__":
main()
Example response
Returns 200 OK. Results are in the data array.
{
"id": "c222d333-e444-f555-a666-b777888999ccc",
"name": "My Sub-folder",
"parentId": "b111c222-d333-e444-f555-a666777888bbb",
"path": "My Folder/My Sub-folder",
"type": "d",
"secure": false,
"syncable": true,
"fileLifetime": 10,
"userId": "a111b222-c333-d444-e555-f666777888aaa",
"created": "2025-05-07T13:30:08+0000",
"modified": "2025-05-07T13:30:21+0000",
"permalink": "https://content.example.com/w/f-c222d333-e444-f555-a666-b777888999ccc"
}
3. List Files in a Folder
Use any folder id from the previous steps to list the files it contains.
The file id values returned here are what you'll pass to download, move, and
delete endpoints in
Manage Files.
/rest/folders/{folder_id}/files
Path parameters
| Parameter | Type | Description |
|---|---|---|
folder_id | string (UUID) | The id of the folder whose files you want to list. |
Query parameters
All parameters are optional.
| Parameter | Type | Description |
|---|---|---|
name | string | Filter by exact file name. |
userId | string | Filter by the UUID of the file's creator. |
orderBy | string | Sort field and direction — e.g. name:asc. |
offset | integer | Pagination offset. |
limit | integer | Maximum number of files to return. |
# Use a folder id from step 1 or 2
curl -X GET "${KW_INSTANCE_URL}/rest/folders/c222d333-e444-f555-a666-b777888999ccc/files" \
-H "X-Accellion-Version: 28" \
-H "Authorization: Bearer ${KW_ACCESS_TOKEN}" \
-H "Content-Type: application/json"
import requests
from get_access_token import KWOAuthClient
def list_files_in_folder(base_url, access_token, folder_id):
"""Return all files contained within the given folder."""
url = f"{base_url}/rest/folders/{folder_id}/files"
headers = {
"Authorization": f"Bearer {access_token}",
"X-Accellion-Version": "28",
"Content-Type": "application/json",
}
params = {
# "name": "my-file.csv",
# "userId": "a111b222-...",
# "orderBy": "name:asc",
# "offset": 0,
# "limit": 10,
}
response = requests.get(url, headers=headers, params=params)
response.raise_for_status()
return response.json().get("data", [])
def main():
base_url = input("Enter Base URL for Kiteworks instance: ")
client = KWOAuthClient(base_url)
access_token = client.get_access_token()
folder_id = input("Enter folder ID: ")
files = list_files_in_folder(base_url, access_token, folder_id)
print(files)
if __name__ == "__main__":
main()
Example response
Returns 200 OK. File objects are in the data array.
[
{
"id": "f333a444-b555-c666-d777-e888999000fff",
"name": "my-file.csv",
"path": "My Folder/My Sub-folder/my-file.csv",
"type": "f",
"mime": "text/plain",
"size": 30,
"parentId": "c222d333-e444-f555-a666-b777888999ccc",
"locked": false,
"secure": false,
"avStatus": "allowed",
"dlpStatus": "allowed",
"creator": {
"id": "a111b222-c333-d444-e555-f666777888aaa",
"name": "John Doe",
"email": "user@example.com"
},
"created": "2026-01-21T20:43:42+0000",
"modified": "2026-01-21T20:43:42+0000",
"permalink": "https://content.example.com/w/f-f333a444-b555-c666-d777-e888999000fff"
}
]
4. Create a Folder
Now that you have folder IDs from the previous steps, you can create a new folder — either at the top level or nested inside an existing one.
/rest/folders/{parent_folder_id}/folders
Path parameters
| Parameter | Type | Description |
|---|---|---|
parent_folder_id | string (UUID) | The UUID of the parent folder, or 0 for a top-level folder. |
Query parameters
| Parameter | Type | Description |
|---|---|---|
returnEntity | boolean | When true, the new folder object is returned in the response body. Defaults to false. |
Request body
| Field | Type | Required | Description |
|---|---|---|---|
name | string | Required | Display name for the new folder. |
description | string | Optional | A short description of the folder's purpose. |
secure | boolean | Optional | Marks the folder as DRM-protected. |
syncable | boolean | Optional | Whether the folder can be synced to desktop clients. |
expire | integer | Optional | Expiration timestamp for the folder. |
fileLifetime | integer | Optional | Default lifetime in days for files in this folder. 0 means no expiry. |
# Top-level folder — parent_folder_id is 0
curl -X POST "https://{base_url}/rest/folders/0/folders?returnEntity=true" \
-H "X-Accellion-Version: 28" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "The new Top Level Folder",
"description": "This is a top-level folder.",
"secure": false,
"syncable": false
}'
# Nested folder — use a parent id from step 1 or 2
curl -X POST "https://{base_url}/rest/folders/b111c222-d333-e444-f555-a666777888bbb/folders?returnEntity=true" \
-H "X-Accellion-Version: 28" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "A New Sub-folder",
"description": "Nested inside My Folder.",
"secure": false,
"syncable": false
}'
import requests
import json
from get_access_token import KWOAuthClient
def create_folder(base_url, access_token, parent_folder_id, folder_data):
"""
Create a folder inside parent_folder_id.
Pass parent_folder_id="0" to create a top-level folder.
"""
url = f"{base_url}/rest/folders/{parent_folder_id}/folders"
headers = {
"X-Accellion-Version": "28",
"Authorization": f"Bearer {access_token}",
"Content-Type": "application/json",
}
params = {"returnEntity": "true"}
response = requests.post(url, headers=headers, params=params, data=json.dumps(folder_data))
response.raise_for_status()
return response.json()
def main():
base_url = input("Enter Base URL for Kiteworks instance: ")
client = KWOAuthClient(base_url)
access_token = client.get_access_token()
parent_id = input("Enter parent folder ID (or 0 for top-level): ")
folder_data = {
"name": "The new Folder",
"description": "Created via the Kiteworks API.",
"secure": False,
"syncable": False,
# Optional fields — uncomment and set values as needed:
# "expire": "",
# "fileLifetime": 0,
# "rename": False,
}
result = create_folder(base_url, access_token, parent_id, folder_data)
print(result)
if __name__ == "__main__":
main()
Example response
Returns 201 Created. When returnEntity=true, the full folder object is included in the body.
{
"id": "b333c444-d555-e666-f777-a888999000bbb",
"name": "The new Top Level Folder",
"description": "This is a top-level folder.",
"parentId": "0",
"path": "The new Top Level Folder",
"type": "d",
"secure": false,
"syncable": false,
"fileLifetime": 0,
"deleted": false,
"userId": "a111b222-c333-d444-e555-f666777888aaa",
"created": "2026-02-04T11:14:18+0000",
"modified": "2026-02-04T11:14:18+0000",
"permalink": "https://content.kiteworks.com/w/f-b333c444-d555-e666-f777-a888999000bbb"
}
Next Steps
With your folder structure in place, you're ready to work with the files inside it:
- Manage Files → Upload, download, and manage files using the folder IDs from this guide
- Manage Mail → Send and receive mail on behalf of authenticated users
- API Reference → Full
/foldersendpoint specification