Media API
Upload and manage files — property photos, lease documents, ID cards, energy certificates. Files are stored securely in S3 with tenant isolation and optional encryption for sensitive documents.
Quick Example
Code
Common Workflows
Upload property photos
POST /api/v1/media/upload/ESTATE/{id}— Upload photos for an apartmentPUT /api/v1/media/{entity_type}/{entity_id}/{media_id}/role— SetPRIMARY_PHOTOfor the main imageGET /api/v1/media/ESTATE/{id}— List all media for the unit
Store lease documents securely
POST /api/v1/media/upload/LEASE/{id}— Upload with automatic CRITICAL security level for lease PDFsPUT /api/v1/media/{id}/role— AssignLEASE_ORIGINALorLEASE_SIGNEDrole- Documents are encrypted with SSE-C at rest
Overview
The Media API provides comprehensive file management including:
- Document Storage: Lease agreements, contracts, certificates
- Image Management: Property photos, floor plans, inspection images
- File Security: Access control and permissions with SSE-C encryption
- Entity Associations: Link media to properties, leases, contacts
- File Validation: MIME type and size restrictions
- Role Management: Assign specific roles to media (AVATAR, ID_DOCUMENT, PRIMARY_PHOTO, etc.)
- Tag System: Organize media with searchable tags
Authentication
Requires PropertiesRead, PropertiesWrite, or PropertiesDelete permissions.
Base URL
All media endpoints: /api/v1/media
Core Operations
Upload Media
POST /api/v1/media/upload/{entity_type}/{entity_id}
Upload a file and attach it immediately to the target entity.
Path Parameters:
entity_type: Type of entity (PLACE, ESTATE, ROOM, EQUIPMENT, LEASE, OWNER, CONTACT, LESSEE)entity_id: UUID of the target entity
Request (multipart/form-data):
Code
Response:
Code
List Media by Entity
GET /api/v1/media/{entity_type}/{entity_id}
Get all media attached to a specific entity.
Path Parameters:
entity_type: Type of entityentity_id: UUID of the entity
Response:
Code
Search Media by Tags
GET /api/v1/media/search
Search media using tags with optional entity filtering.
Query Parameters:
tags: Comma-separated list of tags (lowercase)match_all: If true (default), all tags must match; else any tagentity_type: Optional entity type filterentity_id: Optional entity ID filter
Update Media Tags
PUT /api/v1/media/{id}/tags
Replace all tags for a media item.
Request:
Code
Assign Role to Media
PUT /api/v1/media/{entity_type}/{entity_id}/{media_id}/role
Assign a unique role to a media for an entity.
Path Parameters:
entity_type: Type of entityentity_id: UUID of the entitymedia_id: UUID of the media
Request:
Code
Clear Role Assignment
DELETE /api/v1/media/{entity_type}/{entity_id}/role/{role}
Remove role assignment for an entity.
Get Media by Role
GET /api/v1/media/{entity_type}/{entity_id}/role/{role}
Get the media with a specific role for an entity.
Serve Media
GET /api/v1/media/serve/{id}
Serve media content. Returns JSON for unencrypted media, binary for encrypted media.
Download Media
GET /api/v1/media/download/{id}
Force download of media as binary stream with Content-Disposition header.
Delete Media
DELETE /api/v1/media/{id}
Delete media (removes both S3 object and database record).
Entity Types
Media can be associated with:
PLACE- Building or complex mediaESTATE- Unit-specific mediaROOM- Room photos and documentationEQUIPMENT- Equipment manuals and photosLEASE- Lease-related documentsOWNER- Owner documentationCONTACT- Contact documentationLESSEE- Lessee documentation
Media Roles
Media can be assigned specific roles for different entities:
AVATAR- Profile picture or avatarID_DOCUMENT- Identity documentPRIMARY_PHOTO- Main photo for the entityLEASE_ORIGINAL- Original lease documentLEASE_SIGNED- Signed lease document
Security Levels
STANDARD
- Allowed Types: Images (JPEG, PNG, GIF), PDFs, Documents
- Max Size: 10MB
- Access: Normal authenticated access
- Encryption: No encryption
SENSITIVE
- Allowed Types: PDFs, Documents only
- Max Size: 5MB
- Access: Restricted access with additional permissions
- Encryption: Optional SSE-C encryption
CRITICAL
- Allowed Types: PDFs, Documents only
- Max Size: 5MB
- Access: Highly restricted access
- Encryption: Mandatory SSE-C encryption
File Type Support
Images:
image/jpeg,image/png,image/gif,image/webp
Documents:
application/pdfapplication/mswordapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
Archives:
application/zip
Error Responses
400 Bad Request
Code
413 Payload Too Large
Code
Worker Endpoints
Serve Media for Workers
GET /api/v1/media/worker/{id}
Endpoint for workers (requires specific API key/Bearer token). Returns file as Base64 JSON.
Headers:
X-Tenant-ID: Tenant identifierX-Worker-Type: Worker type (e.g., signature-processor, otp-validator)
Upload Signed PDF
POST /api/v1/media/upload-signed/{media_id}
Upload a signed PDF from a worker. Document is stored in secure mode (SSE-C) with checksum.
Headers:
X-Tenant-ID: Tenant identifierX-Worker-Type: Worker type
Request: PDF binary data
Common Use Cases
Property Marketing
- Upload property photos with
entity_type=ESTATE - Assign
PRIMARY_PHOTOrole to main property image - Add floor plans and layouts with appropriate tags
Document Management
- Upload lease agreements with
security_level=CRITICAL - Assign
LEASE_ORIGINALrole to original documents - Store signed documents with
LEASE_SIGNEDrole
Equipment Documentation
- Upload equipment manuals with
entity_type=EQUIPMENT - Store warranty documents with appropriate tags
- Photo documentation for maintenance
Contact Management
- Upload ID documents with
entity_type=CONTACT - Assign
ID_DOCUMENTrole to identity documents - Add profile photos with
AVATARrole
Integration Notes
- File Storage: Secure S3 storage with tenant isolation
- Encryption: SSE-C encryption for sensitive documents
- Checksum Verification: SHA-256 integrity checking
- Role Management: Unique role assignment per entity
- Tag System: Searchable tags for media organization
- Multi-tenancy: Complete tenant isolation and access control
- Worker Support: Specialized endpoints for automated processes