Workspaces for agentic teams. Complete agent guide with all 19 consolidated tools using action-based routing — parameters, workflows, ID formats, and constra...
Real data. Real impact.
Emerging
Developers
Per week
Open source
Skills give you superpowers. Install in 30 seconds.
Version: 1.167 Last Updated: 2026-04-16
The definitive guide for AI agents using the Fast.io MCP server. Covers why and how to use the platform: product capabilities, the free agent plan, authentication, core concepts (workspaces, shares, intelligence, previews, comments, URL import, metadata, workflow, ownership transfer), 12 end-to-end workflows, interactive MCP App widgets, and all 19 consolidated tools with action-based routing.
Versioned guide. This guide is versioned and updated with each server release. The version number at the top of this document tracks tool parameters, ID formats, and API behavior changes. If you encounter unexpected errors, the guide version may have changed since you last read it.
Platform reference. For a comprehensive overview of Fast.io's capabilities, the agent plan, key workflows, and upgrade paths, see references/REFERENCE.md.
Workspaces for Agentic Teams. Collaborate, share, and query with AI -- all through one API, free.
Fast.io provides workspaces for agentic teams -- where agents collaborate with other agents and with humans. Upload outputs, create branded shares, ask questions about documents using built-in AI, and hand everything off to a human when the job is done. No infrastructure to manage, no subscriptions to set up, no credit card required.
Agentic teams -- groups of agents working together and with humans -- need a shared place to work. Today, agents cobble together S3 buckets, presigned URLs, email attachments, and custom download pages. Every agent reinvents collaboration, and there is no shared workspace where agents and humans can see the same files, track activity, and hand off work.
When agents need to understand documents -- not just store them -- they have to download files, parse dozens of formats, build search indexes, and manage their own RAG pipeline. That is a lot of infrastructure for what should be a simple question: "What does this document say?"
| Problem | Fast.io Solution |
|---|---|
| No shared workspace for agentic teams | Workspaces where agents and humans collaborate with file preview, versioning, and AI |
| Agent-to-agent coordination lacks structure | Shared workspaces with activity feeds, comments, and real-time sync across team members |
| Sharing outputs with humans is awkward | Purpose-built shares (Send, Receive, Exchange) with link sharing, passwords, expiration |
| Collecting files from humans is harder | Receive shares let humans upload directly to your workspace -- no email attachments |
| Understanding document contents | Built-in AI reads, summarizes, and answers questions about your files |
| Building a RAG pipeline from scratch | Enable intelligence on a workspace and documents are automatically indexed, summarized, and queryable |
| Finding the right file in a large collection | Storage search finds documents by keyword or meaning (semantic search when intelligence is enabled) |
| Handing a project off to a human | One-click ownership transfer -- human gets the org, agent keeps admin access |
| Tracking what happened | Full audit trail with AI-powered activity summaries |
| Cost | Free. 50 GB storage, 5,000 monthly credits, no credit card |
This MCP server exposes 19 consolidated tools that cover the full Fast.io REST API surface. Every authenticated API endpoint has a corresponding tool action, and the server handles session management automatically.
All API access goes through the MCP tools. Do not make direct HTTP calls to
api.fast.ioPOST /blobGET /file/Once a user authenticates, the auth token is stored in the server session and automatically attached to all subsequent API calls. There is no need to pass tokens between tool invocations.
mcp.fast.iomcp.fastdev1.comTwo transports are available on each:
/mcp/sseThe server exposes static MCP resources, widget resources, and file download resource templates. Clients can read them via
resources/listresources/read| URI | Name | Description | MIME Type |
|---|---|---|---|
| skill-guide | Full agent guide (this document) with all 19 tools, workflows, and platform documentation | |
| session-status | Current authentication state: | |
| Widget HTML | Interactive HTML5 widgets (6 total) -- use the | |
File download resource templates -- read file content directly through MCP without needing external HTTP access:
| URI Template | Name | Auth | Dynamic Listing | Description |
|---|---|---|---|---|
| download-workspace-file | Session token | Yes | Download a file from a workspace |
| download-share-file | Session token | Yes | Download a file from a share |
| download-quickshare-file | None (public) | No | Download a quickshare file |
Files up to 50 MB are returned inline as base64-encoded blob content. Larger files return a text fallback with a URL to the HTTP pass-through endpoint (see below). The
downloadresource_uriDynamic resource listing: When authenticated, workspace and share file resources are dynamically listed via
resources/list@storagelistThe server registers MCP prompts that appear in the client's "Add From" / "+" menu as user-clickable app launchers. These are primarily for desktop MCP clients (e.g., Claude Desktop); code-mode clients (Claude Code, Cursor) do not surface prompts.
| Prompt Name | Description |
|---|---|
| Launch the Workspace Picker to browse orgs, select workspaces, and manage shares |
| Launch the File Picker with built-in workspace navigator for browsing, searching, and selecting files |
| Launch the Workflow Manager (auto-selects workspace if only one, otherwise opens Workspace Picker first) |
| Launch the Uploader to upload files with drag-and-drop, progress tracking, and text file creation |
| List all available MCP App widgets with descriptions and launch instructions |
For files larger than 50 MB or when raw binary streaming is needed, the server provides an HTTP pass-through endpoint that streams file content directly from the API:
| Endpoint | Auth | Description |
|---|---|---|
| | Stream a workspace file |
| | Stream a share file |
| None (public) | Stream a quickshare file |
The response includes proper
Content-TypeContent-LengthContent-DispositionMcp-Session-IdThe server includes workflow features for project tracking: tasks (structured work items with priorities and assignees), worklogs (append-only activity logs), approvals (formal sign-off requests), and todos (simple checklists). Enable workflow on a workspace with
workspaceenable-workflowBest practice (IMPORTANT): After state-changing actions (uploading files, creating shares, changing task status, member changes, file moves/deletes), append a worklog entry describing what you did and why. Without worklog entries, agent work is invisible to humans reviewing the workspace. For multiple related actions (e.g., uploading several files), you may log once after the batch completes rather than after each individual action. Worklog entries are append-only and permanent.
/skill.mdhttps://api.fast.io/llms.txtAuthentication is required before calling any tool except these unauthenticated tools:
authsigninsignupset-api-keypkce-loginemail-checkpassword-reset-requestpassword-resetdownloadquickshare-detailsThere are three ways to use Fast.io as an agent, depending on whether you are operating autonomously or assisting an existing human user.
Option 1: Autonomous Agent -- Create an Agent Account
If you are operating independently (storing files, running workflows, building workspaces for users), create your own agent account with
authsignupOption 2: Assisting a Human -- Use Their API Key
If a human already has a Fast.io account and wants your help managing their files, workspaces, or shares, they can create an API key for you to use. No separate agent account is needed -- you operate as the human user. The human creates a key at Settings -> Devices & Agents -> API Keys (direct link:
https://go.fast.io/settings/api-keysauthset-api-keyagent_nameauthapi-key-createapi-key-updateapi-key-listapi-key-getapi-key-deleteOption 3: Agent Account Invited to a Human's Org
If you want your own agent identity but need to work within a human's existing organization, create an agent account with
authsignupmemberaddorgmemberaddworkspaceuseraccept-all-invitationsauthsigninOption 4: Browser Login (PKCE)
Not for headless agents: PKCE requires a human with a browser present in the conversation. Headless agents, CLI tools, and automated pipelines cannot complete this flow — use Option 1 (signup) or Option 2 (API key) instead.
If you prefer not to send a password through the agent, use browser-based PKCE login. Call
authpkce-loginemailauthpkce-completePKCE login supports optional scoped access via the
scope_typescope_type"user"| scope_type | Access granted |
|---|---|
| Full account access (default) |
| User selects specific organizations |
| User selects specific workspaces |
| All organizations the user belongs to |
| All workspaces the user has access to |
| All shares the user is a member of ( |
Scope inheritance: Broader scopes include access to child entities automatically:
all_orgsall_workspacesorgworkspaceall_sharesThe
agent_nameApproval flow by scope_type:
userorgworkspaceall_orgsall_workspacesall_sharesThe MCP server defaults to
scope_type="user"| Scenario | Recommended Approach |
|---|---|
| Operating autonomously, storing files, building for users | Create an agent account with your own org (Option 1) |
| Helping a human manage their existing account | Ask the human to create an API key for you (Option 2) |
| Working within a human's org with your own identity | Create an agent account, have the human invite you (Option 3) |
| Building something to hand off to a human | Create an agent account, build it, then transfer the org (Option 1) |
| Signing in without sending a password through the agent | Browser-based PKCE login (Option 4) |
| Running headless / no browser available | Create an agent account (Option 1) or use an API key (Option 2) — do NOT use PKCE |
Credit limits by account type: Agent accounts (Options 1, 3) can transfer orgs to humans when credits run out -- see Ownership Transfer in section 3. Human accounts (Option 2) cannot use the transfer/claim API; direct the human to upgrade their plan at
https://go.fast.io/settings/billingorgbilling-createauthsigninemailpasswordauth_tokenWhen creating a new account (Options 1 and 3 above), agents MUST use
authsignupagent=trueaccount_type"agent"Steps:
authemail-checkemailauthsignupfirst_namelast_nameemailpasswordagent=trueauthemail-verifyemailauthemail-verifyemailemail_tokenauthsigninemailpasswordtwo_factor_required: trueauth2fa-verifycodeSome API endpoints require per-request 2FA verification when the account has 2FA enabled. These operations require a valid 2FA
tokenapi-key-createapi-key-deleteIf the account does not have 2FA enabled, these operations work normally without a token. If 2FA is enabled and the token is missing or invalid, the request fails.
Workflow:
auth2fa-statusstate"enabled"auth2fa-sendtokenapi-key-createapi-key-deleteTip: API key authentication (
authset-api-keyauthpkce-loginemailscope_typeagent_namelogin_urlagent_namescope_typeuserorgworkspaceall_orgsall_workspacesall_sharesauthpkce-completecodescopesagent_nameauthstatussession_expired: trueexpired_reason"token_expired""refresh_expired"expired_atauthcheckOAuth/PKCE sessions (the default) have 1-hour access tokens and 30-day refresh tokens. The MCP server proactively refreshes OAuth access tokens before they expire -- an internal alarm fires ~5 minutes before expiry and silently obtains a new token using the stored refresh token. This creates a self-sustaining cycle: sessions stay alive indefinitely without user interaction, until the 30-day refresh token chain expires or is revoked. If proactive refresh fails, a reactive safety net retries on the next tool call (401 → refresh → retry).
Basic JWT sessions (from
authsigninAPI keys do not expire by default, but can optionally have an expiration set via
api-key-createapi-key-updatekey_expiresThe MCP server tracks how each session was authenticated (
auth_method"api_key""jwt""oauth"Error differentiation: When a session expires, tool calls return
"Session expired. Please re-authenticate...""Not authenticated..."Call
authsignoutOrganizations are top-level containers that collect workspaces. An organization can represent a company, a business unit, a team, or simply your own personal collection. Every user belongs to one or more organizations. Organizations have:
Organizations are identified by a 19-digit numeric profile ID or a domain string.
IMPORTANT: When creating orgs, agents MUST use
orgcreatebilling_plan: "agent"Organizations on Pro or Business plans can configure a custom domain (e.g.
files.acme.comSetup flow:
orgcustom-domain-createorg_idhostnamefiles.acme.comhostnamestatus: "pending"cname_targetfiles.acme.com CNAME custom.fast.iocustom.fastdev1.compendingactiveChecking status:
orgcustom-domain-getorg_id{ hostname: null }Validating DNS:
orgcustom-domain-validateorg_idRemoving:
orgcustom-domain-deleteorg_idPlan requirement: Custom domains require a Pro or Business plan for creation. The agent plan does not include this feature. If the org is on a plan that does not support custom domains, creation returns a subscription upgrade error.
To discover all available orgs, agents must call both actions:
orglistmember: trueorgdiscover-externalmember: falseAn agent that only checks
action org
will miss external orgs entirely and won't discover the workspaces it's been invited to. External orgs are the most common pattern when a human invites an agent to help with a specific project -- they add the agent to a workspace but not to the org itself.list
Internal orgs (
member: trueExternal orgs (
member: falseExample: A human invites your agent to their "Q4 Reports" workspace. You can upload files, run AI queries, and collaborate in that workspace. But you cannot create new workspaces in their org, view their billing, or access their other workspaces. The org shows up via
orgdiscover-externalorglistWorkspaces are file storage containers within organizations. Each workspace has:
statusactivependingactiveWorkspaces are identified by a 19-digit numeric profile ID.
Workspaces have an intelligence toggle that controls whether AI features are active.
⚠️ COST WARNING: Intelligence incurs significant ingestion costs (10 credits per page for every uploaded document). For a workspace with hundreds or thousands of pages, this adds up quickly. Do NOT enable intelligence unless the user specifically needs RAG chat queries or semantic search via storage search. Most workflows (file storage, sharing, collaboration, one-off file analysis) work perfectly without it.
Intelligence OFF (recommended default) -- the workspace is pure file storage. You can still attach files directly to an AI chat conversation (up to 20 files, 200 MB total) and ask questions about them -- no ingestion cost. This is the right choice for most use cases: file storage, sharing, collaboration, project coordination, and analyzing a small number of specific files.
Intelligence ON (only when needed) -- the workspace becomes an AI-powered knowledge base. Every document and code file uploaded is automatically ingested, summarized, and indexed. Only enable this when the user needs one of these two capabilities:
storagesearchIntelligence also enables auto-summarization and automatic metadata extraction, but these alone do not justify the ingestion cost.
Coming soon: RAG indexing support for images, video, and audio files. Currently only documents and code are indexed.
Default behavior: The MCP server defaults intelligence to OFF when creating workspaces and shares. To enable intelligence, you must explicitly pass
intelligence: "true"Agent use case: Create a workspace per project or client. Keep intelligence OFF for storage and collaboration. Only enable it when users need to query across a large document set. Upload reports, datasets, and deliverables. Invite other agents and human stakeholders. Everything is organized, searchable, and versioned.
For full details on AI chat types, file context modes, AI state, and how intelligence affects them, see the AI Chat section below.
Shares are purpose-built spaces for exchanging files with people outside your workspace. They can exist within workspaces and have three types:
| Mode | What It Does | Agent Use Case |
|---|---|---|
| Send | Recipients can download files | Deliver reports, exports, generated content |
| Receive | Recipients can upload files | Collect documents, datasets, user submissions |
| Exchange | Both upload and download | Collaborative workflows, review cycles |
A Portal is a Send share created from a workspace folder (
storage_mode=workspace_foldersharecreateshare_type: "send"storage_mode: "workspace_folder"folder_node_idcreate_folder: trueoffmediumhighdownload_securityanonymous_uploads_enabledWhen creating a share with
sharecreatestorage_mode
(independent storage, default) -- The share has its own isolated storage. Files are added directly to the share and are independent of any workspace. This creates a self-contained share -- changes to workspace files do not affect the share, and vice versa. Use for final deliverables, compliance packages, archived reports, or any scenario where you want an immutable snapshot.independent
(workspace-backed) -- The share is backed by a specific folder in a workspace. The share displays the live contents of that folder -- any files added, updated, or removed in the workspace folder are immediately reflected in the share. No file duplication, so no extra storage cost. To create a workspace folder share, pass workspace_folder
storage_mode=workspace_folderfolder_node_id={folder_opaque_id}intelligencefalseBoth modes look the same to share recipients -- a branded share with file preview, download controls, and all share features. The difference is whether the content is a snapshot (independent) or a live view (workspace folder).
Response fields: API responses include both
storage_modeindependentworkspace_foldershare_categoryportalshared_folderstorage_modeshare_categoryShares are identified by a 19-digit numeric profile ID.
Agent use case: Generate a quarterly report, create a Send share with your client's branding, set a 30-day expiration, and share the link. The client sees a professional, branded page with instant file preview -- not a raw download link.
Files and folders are represented as storage nodes. Each node has an opaque ID (a 30-character alphanumeric string, displayed with hyphens, e.g.
f3jm5-zqzfx-pxdr2-dx8z5-bvnb3-rpjfm4roottrashKey operations on storage nodes: list, create-folder, move, copy, rename, delete (moves to trash), purge (permanently deletes), restore (recovers from trash), search, add-file (link an upload), and add-link (create a share reference).
Nodes have versions. Each file modification creates a new version. Version history can be listed and files can be restored to previous versions.
Do NOT delete and re-upload to "update" a file. Same-name uploads to the same parent folder overwrite the existing node in place, preserving the
. The prior content is kept as a version and is recoverable at any time. Deleting the old node first is wasted work, breaks any node_id
node_idThe correct update-a-file pattern:
uploadcreate-sessionparent_node_idfilenameprofile_typeprofile_idfilesizePOST /blobuploadchunkblob_iduploadfinalizestreamnode_idstorageversion-liststorageversion-restoreDeterministic overwrite by node_id: if the filename may have drifted (e.g., a previous rename), or you want to guarantee the overwrite hits a specific
node_idtarget_node_idcreate-sessionaction=updatefile_id=<target_node_id>parent_node_idfilenametarget_node_idWorked example — edit a file's content and recover the prior version:
# Initial upload upload create-session profile_type=workspace, profile_id=<ws_id>, parent_node_id=<folder_id>, filename="state.json", filesize=1024 POST /blob <bytes> upload chunk upload_id=<id> chunk_number=1 blob_id=<blob> upload finalize upload_id=<id> # → new_file_id = f3jm5-zqzfx-... (this is the stable node_id)Later, "edit" the file by re-uploading with the same name+parent
upload create-session profile_type=workspace, profile_id=<ws_id>, parent_node_id=<folder_id>, filename="state.json", filesize=2048 POST /blob <new_bytes> upload chunk upload_id=<id2> chunk_number=1 blob_id=<blob2> upload finalize upload_id=<id2>
→ new_file_id = f3jm5-zqzfx-... (SAME node_id — overwritten in place)
Inspect version history
storage version-list profile_type=workspace profile_id=<ws_id> node_id=f3jm5-zqzfx-...
→ [{version_id: v2, current: true}, {version_id: v1, ...}]
Roll back if needed
storage version-restore profile_type=workspace profile_id=<ws_id> node_id=f3jm5-zqzfx-... version_id=v1
What overwriting covers (REPLACE is the default behavior for all name collisions):
storageversion-listversion-restorefolder (2)Uploading a file with the same name as an existing file will overwrite it, not create a renamed copy like
report (2).pdfNotes are a storage node type (alongside files and folders) that store markdown content directly on the server. They live in the same folder hierarchy as files, are versioned like any other node, and appear in storage listings with
type: "note"Create notes with
workspacecreate-noteworkspaceread-noteworkspaceupdate-noteFiles and Notes are not interchangeable, even when both hold markdown. A
uploaded via the file-upload flow is a File (.md), not a Note (type: "file"). Reading a markdown File returns text and "looks like" a note, but note-specific APIs (type: "note",update-note) reject it withread-note(error 153548). Choose the right creation path up front:Node is not a note
- If you will edit the content incrementally from an agent → use
. Pass markdown ascreate-notedirectly. Do NOT upload it as a file first.content- If it is a static artifact (report, export, attachment) → use the upload flow. Accept that
will not work later; to change the content, upload a new version by callingupdate-noteactionuploadwith the samecreate-sessionand sameparent_node_idas the existing File, thenfilename/chunk(orfinalize). Same-name uploads overwrite the File in place and preserve the previous content as a version (recover viastreamactionstorage/version-list).version-restoreWhen
fails withupdate-note, the node is almost always a File. You have two valid recovery paths — pick based on what the node should be going forward:Node is not a note
- (a) Keep it as a File and just change its bytes → use the upload flow described above (same
+parent_node_id= in-place overwrite with a version entry). The node ID does NOT change; the node stays a File.filename- (b) Convert to a Note (because you want to edit it incrementally via
from now on) → delete the File viaupdate-noteactionstorage, then calldeletewith the markdown content in the desiredcreate-note. This produces a NEW node withparent_id. Future edits usetype: "note"with the newupdate-note.node_idDo NOT use delete-and-re-upload (via the upload flow) as a fix — that just creates another File and you will hit the same
error on the nextNode is not a notecall. To verify a node's type before calling, useupdate-noteactionstorageand inspect thedetailsfield (typevs"file"vs"note"vs"folder")."link"
Creating: Provide
workspace_idparent_id"root"name.mdcontentblob_idReading: Provide
workspace_idnode_idUpdating: Provide
workspace_idnode_idname.mdcontentblob_idcontentblob_idblob_idBoth
create-noteupdate-noteblob_idcontent: optional string. Blob ID fromblob_idresponse. Recommended for large note content — avoids base64 overhead and MCP transport limits. Consumed after use. Bytes are decoded as UTF-8 and passed as note content. (used by:POST /blob,create-noteas one ofupdate-note/content)blob_id
Why this exists. MCP transports tool parameters as inline JSON strings over the JSON-RPC pipe. Sending more than a few KB of note content through the
contentPOST /blobblob_idblob_iduploadchunkstreamWhen to use which:
| Note size | Recommended path |
|---|---|
| Small edits (< ~10 KB — a few paragraphs, bullets, small sections) | Inline |
| Large notes (> ~10 KB — rich project context, transcripts, long markdown documents) | |
Notes are capped at 100 KB per node. Writes at or above 80 KB return a non-fatal warning in
_warningswithHintscreate-notearchive-2026-04-14.mdnotes-2026-W15.md| Constraint | Limit |
|---|---|
| Content encoding | Valid UTF-8 (UTF8MB4). Invalid byte sequences and control characters ( |
| Content size | 100 KB max |
| Filename | 1-100 characters, must end in |
| Markdown validation | Code blocks and emphasis markers must be balanced |
| Rate limit | 2 per 10s, 5 per 60s |
In an intelligent workspace, notes are automatically ingested and indexed just like uploaded documents. This makes notes a way to bank knowledge over time -- any facts, context, or decisions stored in notes become grounding material for future AI queries.
When an AI chat uses folder scope (or defaults to the entire workspace), notes within that scope are searched alongside files. The AI retrieves relevant passages from notes and cites them in answers.
Key behaviors:
ai_state: indexedfiles_attachai.attachtrueUse cases:
Notes support the same storage operations as files and folders: move (via
storagemovestoragecopystoragedeletestoragerestorestorageversion-liststoragedetailshttps://{domain}.fast.io/workspace/{folder_name}/storage/root?note={note_id}https://{domain}.fast.io/workspace/{folder_name}/preview/{note_id}AI chat lets agents ask questions about files stored in workspaces and shares. Two chat types are available, each with different file context options.
AI chat is read-only. It can read, analyze, search, and answer questions about file contents, but it cannot modify files, change workspace settings, manage members, or access events. Any action beyond reading file content — uploading, deleting, moving files, changing settings, managing shares, reading events — must be done through the MCP tools directly. Do not attempt to use AI chat as a general-purpose tool for workspace management.
chatchat_with_filesAuto-promotion: If you create a chat with
type=chatfiles_scopefolders_scopefiles_attachchat_with_filesindexedai.attach: trueBoth types augment answers with web knowledge when relevant.
For
chat_with_files| Feature | Folder/File Scope (RAG) | File Attachments |
|---|---|---|
| How it works | Limits RAG search space | Files read directly by AI |
| Requires intelligence | Yes | No |
| File readiness requirement | | |
| Best for | Many files, knowledge retrieval | Specific files, direct analysis |
| Max references | 100 folder refs (subfolder tree expansion) or 100 file refs | 20 files / 200 MB |
| Default (no scope given) | Entire workspace | N/A |
Scope parameters (REQUIRES intelligence — will error if intelligence is off):
folders_scopenodeId:depthfiles_scopenodeId:versionIdnodeId:versionIdversionstoragelistdetailsAttachment parameter (no intelligence required):
files_attachnodeId:versionIdfolders_scopeai.attach: trueDo not list folder contents and pass individual file IDs as
files_scopefolders_scopefiles_scopeScope vs attach:
files_scopefolders_scopefiles_attachfiles_scopefolders_scopefiles_attachThe workspace intelligence toggle (see Workspaces above) controls whether uploaded documents and code files are auto-ingested, summarized, and indexed for RAG. Each file has an
ai_state| State | Meaning |
|---|---|
| No AI processing done (file type not supported, or AI completely off) |
| Queued for AI processing |
| Currently being processed |
| Summary exists, file is attachable for AI chat, but NOT vector-indexed (intelligence OFF) |
| Summary + vector indexed — file is searchable via RAG/semantic search (intelligence ON) |
| Processing failed |
Only files with
ai_state: indexedai_state: readyindexedai.attachstoragedetailsprofile_type: "workspace"When polling for AI processing completion: if intelligence is ON, wait for
indexedreadycapabilities.can_use_intelligenceai.attachFile nodes in storage list/details responses include an
ai| Field | Type | Meaning |
|---|---|---|
| string | AI processing state ( |
| boolean | Whether the file can be used with |
| boolean | Whether the file already has an AI-generated summary |
Before using
, check that files_attach
is ai.attach
. A file is attachable when its type supports AI analysis (documents, code, images, PDFs, spreadsheets, etc.) or when it already has a summary from prior processing. Files with true
ai.attach: falseThis flag is independent of the workspace intelligence setting — a file can have
ai.attach: trueWhen to enable intelligence: You need RAG chat queries across many documents (scoped to folders or the full workspace) or semantic search via
storagesearchWhen to disable intelligence (recommended default): The workspace is for storage, sharing, collaboration, or you only need to analyze specific files via attachments. This covers most use cases. Saves significant credits. Intelligence can always be enabled later if needed.
Even with intelligence off,
chat_with_filesai.attach: trueWith folder/file scope (RAG): Write questions likely to match content in indexed files. The AI searches the scope, retrieves passages, and cites them.
With file attachments: Be direct — the AI reads the full file content. No retrieval step.
Personality: The
personalityconcisedetailedUse
concisedetailedControlling verbosity in questions: You can also guide verbosity through how you phrase the question itself:
Combining
personality: "concise"Create a chat with
aichat-createprofile_type: "workspace"aichat-createprofile_type: "share"typechatchat_with_filesquery_textpersonalityconcisedetaileddetailedprivacyprivatepublicpublicfiles_scopenodeId:versionId,...chat_with_filesfolders_scopenodeId:depth,...chat_with_filesfiles_attachnodeId:versionId,...Send follow-ups with
aimessage-sendprofile_type: "workspace""share"After creating a chat or sending a message, the AI response is asynchronous. Message states progress:
readyin_progresscompleteerroredRecommended: Call
aimessage-readprofile_type: "workspace""share"message_ideventactivity-pollCompleted AI responses include citations pointing to source files:
nodeIdversionIdentries[].pageentries[].snippetentries[].timestampAppend
?chat={chat_opaque_id}https://{domain}.fast.io/workspace/{folder_name}/storage/root?chat={chat_id}Shares support AI chat with identical capabilities. All workspace AI endpoints have share equivalents accessible via
aiprofile_type: "share"Generate temporary markdown-formatted download URLs for files that can be pasted into external AI tools (ChatGPT, Claude, etc.). Use
aishare-generateprofile_type: "workspace""share"Organizations, workspaces, and shares are all identified by 19-digit numeric profile IDs. These appear throughout the tool parameters as
workspace_idshare_idorg_idprofile_idmember_idMost endpoints also accept custom names as identifiers:
| Profile Type | Numeric ID | Custom Name |
|---|---|---|
| Workspace | 19-digit ID | Folder name (e.g., |
| Share | 19-digit ID | URL name (e.g., |
| Organization | 19-digit ID | Domain name (e.g., |
| User | 19-digit ID | Email address (e.g., |
QuickShares are temporary public download links for individual files in workspaces (not available for shares). They can be accessed without authentication. Expires in seconds from creation (default 10,800 = 3 hours, max 604,800 = 7 days) or as an ISO 8601 datetime via
expires_atFiles uploaded to Fast.io get automatic preview generation. When humans open a share or workspace, they see the content immediately -- no "download and open in another app" friction.
Supported preview formats:
Use
storagepreview-urlprofile_type: "workspace""share"storagepreview-transformprofile_type: "workspace""share"Agent use case: Your generated PDF report does not just appear as a download link. The human sees it rendered inline, can flip through pages, zoom in, and comment on specific sections -- all without leaving the browser.
Humans and agents can leave feedback directly on files, anchored to specific content using the
referenceexactprefixsuffixstart_offsetend_offsettype: "document"type: "text"@[profile:id]@[user:opaqueId:Display Name]@[file:fileId:filename.ext]Comments use JSON request bodies (
Content-Type: application/jsonListing comments: Use
commentlistcommentlist-allsortlimitoffsetinclude_deletedreference_typeinclude_totalAdding comments: Use
commentaddprofile_typeprofile_idnode_idtextparent_comment_idreference@[...]linked_entity_typelinked_entity_idDeleting comments:
commentdeletecommentbulk-deleteComment Linking: Comments can be linked to workflow entities (tasks or approvals). Each comment supports one link at a time (nullable). Use
commentlinkcommentunlinkcommentlinkedlinked_entity_typelinked_entity_idaddlinked_entity_typelinked_entity_idLinking users to comments: The preview URL opens the comments sidebar automatically. Deep link query parameters let you target a specific comment or position:
| Parameter | Format | Purpose |
|---|---|---|
| Comment opaque ID | Scrolls to and highlights a specific comment for 2 seconds |
| e.g. | Seeks to timestamp for audio/video comments |
| e.g. | Navigates to page for PDF comments |
Workspace:
https://{org.domain}.fast.io/workspace/{folder_name}/preview/{file_opaque_id}?comment={comment_id}Share:
https://go.fast.io/shared/{custom_name}/{title-slug}/preview/{file_opaque_id}?comment={comment_id}Parameters can be combined -- e.g.
?comment={id}&t=45.5Agent use case: You generate a design mockup. The human comments "Change the header color" on a specific region of the image. You read the comment, see exactly what region they are referring to via the
reference.regionText-anchored comments (markdown/notes): To anchor a comment to specific text in a markdown or notes file, use the
referencetype: "document""text"exactprefixsuffixstart_offsetend_offsetAt minimum, provide
exactprefixsuffixstart_offsetend_offsetExample -- text-anchored comment on a markdown file:
{ "action": "add", "profile_type": "workspace", "profile_id": "1234567890123456789", "node_id": "abc123-def456-ghi789", "text": "This section needs a citation", "reference": { "type": "document", "exact": "Studies show a 40% improvement", "prefix": "In the results section, ", "suffix": " compared to the baseline.", "start_offset": 1250, "end_offset": 1280 } }
Agents can import files directly from URLs without downloading them locally first. Fast.io's server fetches the file, processes it, and adds it to your workspace or share.
Use
uploadweb-importuploadweb-statusuploadweb-listAgent use case: A user says "Add this Google Doc to the project." You call
uploadweb-importMetadata enables structured data annotation on files within workspaces. The system uses a template-based approach (called "views" in the UI): administrators create templates that define the fields (name, type, constraints), then assign a template to the workspace. Files can then have metadata values set against the template fields.
Key points:
Available on all plans -- metadata templates are no longer Pro/Business-gated. Free and Agent users can create their first template.
Per-plan caps -- each plan limits both how many templates a workspace can have and how many files (nodes) each template can hold:
| Plan | Templates per workspace | Nodes per template |
|---|---|---|
| Agent | 1 | 10 |
| Free | 1 | 10 |
| Pro | 2 | 10 |
| Business | 10 | 1,000 |
Caps are enforced across automatch, manual add, and listings. On downgrade, overflow rows are preserved in storage but hidden by listings.
Truncation signaling on
-- the response includes metadata-template-preview-match
plan_node_limit-1would_truncate_atmin(total_matched, plan_node_limit)total_matchedwould_truncate_at < total_matchedmetadata-template-preview-match_warningsplan_node_limit = -1Truncation signaling on
and metadata-template-list
-- the live AI category overview states: "Listing, details, and preview endpoints return metadata-template-details
, plan_node_limit
, and an unfiltered count alongside the visible (capped) count, so consumers can render upsell messaging." The current response examples in the live reference don't show these fields explicitly, so verify the exact field names at runtime. The unfiltered count field is named is_truncated
total_count_unfilterednodes/listdetailsis_truncated
concurrency -- the server rate-limits concurrent calls per user+workspace and returns 409 Conflict when another suggest-fields call is in flight. Wait a few seconds and retry. (Earlier internal notes incorrectly said 406; live docs are authoritative — it is 409.)metadata-template-suggest-fields
cap-exceeded (REST endpoint, not exposed as an MCP action) -- returns 400 (Fast.io error code 1605, "Invalid Input") with a structured "would exceed cap" message. Concurrent calls cannot collectively exceed the cap. To pre-flight, read the per-template nodes listing endpoint and compute remaining slots from nodes/add/
plan_node_limit - total_count_unfilteredAuto-match silently caps -- the server-side
auto-matchplan_node_limitauto-matchnodes/MCP tool coverage -- the
workspacemetadata-template-{create,delete,list,details,update,clone}metadata-template-{assign,unassign,resolve,assignments}metadata-template-{preview-match,suggest-fields}metadata-{get,set,delete,extract}metadata-list-filesmetadata-list-templates-in-usemetadata-versionsnodes/addnodes/removenodes/auto-matchextract-all/metadata/eligible/Template categories -- legal, financial, business, medical, technical, engineering, insurance, educational, multimedia, hr.
Field types -- string, int, float, bool, json, url, datetime -- each with optional constraints (min, max, default, fixed_list, can_be_null).
Two metadata types -- template metadata conforms to template field definitions; custom metadata is freeform key-value pairs not tied to any template.
System templates -- pre-built templates that are automatically cloned when assigned to a workspace, so customizations do not affect the global definition.
AI extraction -- the
extractis_auto: trueVersion history -- metadata changes are tracked with version snapshots, accessible via the
versionsTemplate IDs are alphanumeric strings prefixed with
mt_mt_abc123def456The primary way agents deliver value: build something, then give it to a human. Also the recommended action when the agent plan runs out of credits and API calls start returning 402 Payment Required -- transfer the org to a human who can upgrade to a paid plan.
IMPORTANT: Account type restriction. The transfer/claim workflow (
orgtransfer-token-createtransfer-token-listtransfer-token-deletetransfer-claimauthsignupauthsigninThe flow:
authsignuporgcreateorgcreate-workspaceorgtransfer-token-createhttps://go.fast.io/claim?token=<token>When to transfer:
Managing transfer tokens:
orgtransfer-token-listorgtransfer-token-deleteorgtransfer-claimWhat happens after transfer:
Agent use case: A user says "Set up a project workspace for my team." You create the org, build out the workspace structure, upload templates, configure shares for client deliverables, invite team members -- then transfer ownership. The human walks into a fully configured platform. You stay on as admin to keep managing things.
402 Payment Required use case (agent account): While working, the agent hits credit limits. Call
orgtransfer-token-create402 Payment Required use case (human account): The agent cannot transfer the org. Instead, inform the user that their org has run out of credits and they need to upgrade their billing plan. Direct them to the Fast.io dashboard or use
orgbilling-createWorkspaces and shares support an optional workflow layer that adds structured task management, activity logging, approval gates, and simple checklists. Workflow features are controlled by a toggle -- they must be explicitly enabled before use. On shares, workflow access requires admin or named member role -- guests and view-only users cannot access workflow features.
workspaceenable-workflowworkspace_idshareenable-workflowshare_idCheck whether workflow is enabled via
workspacedetailssharedetailsworkflow: trueDisabling workflow (
workspacedisable-workflowsharedisable-workflowTasks are organized into lists. Each workspace or share can have multiple task lists, and each list contains individual tasks.
taskcreate-listtasklist-liststaskcreate-tasktasklist-taskspendingin_progresscompleteblockedtaskassign-tasktaskbulk-statustaskmove-tasklist_idtask_idtarget_task_list_idsort_ordertaskreorder-taskstaskreorder-lists{id, sort_order}created_bytaskfiltered-liststatustasksummaryformat: "md"Worklogs are append-only chronological activity logs scoped to tasks, task lists, storage nodes, or profiles. Entries cannot be edited or deleted after creation.
worklogappendworkloginterjectworklogacknowledgeworklogunacknowledgedacknowledgabletrueacknowledgedacknowledgableupdatedcreatedworklogprofile-listlistworklogfiltered-listtypeworklogsummaryformat: "md"Formal approval requests scoped to tasks, storage nodes, worklog entries, or shares. Use when a decision requires explicit sign-off.
approvalcreateprofile_typeprofile_identity_typeentity_iddescriptionapprover_idapprovalresolveprofile_typeprofile_idapproval_idresolve_action: "approve""reject"approvalbulk-createapprovalbulk-approveapprovalbulk-rejectversion_idversion_matchversion_matchapprovalfiltered-listprofile_typeprofile_idapprovalsummaryapprovalupdateprofile_typeprofile_idapproval_idapprovaldeleteprofile_typeprofile_idapproval_idapprovalbulk-deletependingapprovedrejectedformat: "md"Simple flat checklists scoped to workspaces and shares. No nesting -- just a list of items that can be checked off.
todocreateassignee_idtodotoggletodobulk-toggletodoupdatetododeletecreated_bytodofiltered-listtodosummaryformat: "md"Notes (
type: "note"Recommended pattern: Create notes for project context and requirements. Create task lists for work phases. Link tasks to relevant notes. Log progress with worklogs. Request approvals for decisions. The AI can then answer questions like "Why did we choose this approach?" by searching across all of these artifacts.
Several tools use permission parameters with specific allowed values. Use these exact strings when calling the tools.
orgcreate| Parameter | Allowed Values | Default |
|---|---|---|
| | |
| | |
| | |
orgcreate-workspaceworkspaceupdate| Parameter | Allowed Values | Default |
|---|---|---|
| | |
| | |
sharecreate| Parameter | Allowed Values | Default |
|---|---|---|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
Share constraints:
Anyone with the linkpasswordaccess_optionsAnyone with the linkexpiresYYYY-MM-DD HH:MM:SSworkspace_folderworkspace_folderintelligence=falseintelligence=truefiles_attachcustom_nametitledescriptionaccent_colorbackground_color1background_color2create_folderstorage_mode='workspace_folder'anonymous_uploads_enabledAll profile fields are validated server-side. Requests that violate these constraints are rejected with a 400 error.
| Entity | Field | API Key | Min | Max | Pattern | Required | Nullable |
|---|---|---|---|---|---|---|---|
| Org | domain | | 2 | 63 | | Yes (create) | No |
| Org | name | | 3 | 100 | No control chars | Yes | No |
| Org | description | | 10 | 1000 | No control chars | No | Yes |
| Workspace | folder_name | | 4 | 80 | | Yes (create) | No |
| Workspace | name | | 2 | 100 | No control chars | Yes | No |
| Workspace | description | | 10 | 1000 | No control chars | No | Yes |
| Share | custom_name | | 4 | 80 | | Yes (create) | No |
| Share | custom_url | | 10 | 100 | — | Yes | Yes |
| Share | title | | 2 | 80 | No control chars | Yes | Yes |
| Share | description | | 10 | 500 | No control chars | No | Yes |
\p{C}{org_id}-{name}create-workspaceThe agent plan is a free tier designed for AI agents. No credit card, no trial period, no expiration. Enough resources to build and demonstrate value, with room to grow when the org transfers to a human on a paid plan.
| Resource | Included |
|---|---|
| Price | $0 -- no credit card, no trial period, no expiration |
| Storage | 50 GB |
| Max file size | 1 GB |
| Monthly credits | 5,000 (resets every 30 days) |
| Workspaces | 5 |
| Shares | 50 |
| Members per workspace | 5 |
| Share invitations | 10 per share |
| Account auto-deletion | Never |
All platform activity consumes credits from the monthly 5,000 allowance:
| Resource | Cost |
|---|---|
| Storage | 100 credits/GB |
| Bandwidth | 212 credits/GB |
| AI chat tokens | 1 credit per 100 tokens |
| Document pages ingested | 10 credits/page |
| Video ingested | 5 credits/second |
| Audio ingested | 0.5 credits/second |
| Images ingested | 5 credits/image |
| File conversions | 25 credits/conversion |
When credits run out, the org enters a reduced-capability state and API calls return 402 Payment Required. The org is never deleted. Use
orglimitsWhen you hit 402 or run low on credits:
authsignuporgtransfer-token-createhttps://go.fast.io/claim?token=<token>authsigninorgbilling-createOnce an agent transfers an org to a human, the human gets a free plan (credit-based, no trial period) and can upgrade:
| Feature | Agent (Free) | Free (Human) | Pro | Business |
|---|---|---|---|---|
| Monthly credits | 5,000 | 5,000 | Unlimited | Unlimited |
| Storage | 50 GB | 50 GB | 1 TB | 5 TB |
| Max file size | 1 GB | 1 GB | 25 GB | 50 GB |
| Workspaces | 5 | 5 | 10 | 1,000 |
| Shares | 50 | 50 | 1,000 | 50,000 |
The transfer flow is the primary way agents deliver value: set everything up on the free agent plan, then hand it off. The human upgrades when they are ready, and the agent retains admin access to keep managing things.
The 19 tools use action-based routing. Each tool covers a specific area of the Fast.io platform and exposes multiple actions.
Authentication, sign-in/sign-up, two-factor authentication, API key management, and OAuth session management. This is always the starting point for any agent interaction.
Actions: signin, signout, signup, check, session, status, set-api-key, email-check, email-verify, password-reset-request, password-reset, 2fa-verify, 2fa-status, 2fa-enable, 2fa-disable, 2fa-send, 2fa-verify-setup, pkce-login, pkce-complete, api-key-create, api-key-update, api-key-list, api-key-get, api-key-delete, oauth-list, oauth-details, oauth-revoke, oauth-revoke-all
Retrieve and update the current user profile, search your contacts, manage invitations, upload and delete user assets (profile photos), check account eligibility, and list shares the user belongs to.
Actions: me, update, search-contacts, close, details-by-id, profiles, allowed, org-limits, list-shares, invitation-list, invitation-details, accept-all-invitations, asset-upload, asset-delete, asset-types, asset-list
searches your personal contact list (prior interactions) and returnssearch-contactsonly — no user_id, no context scope. To find members of a specific workspace/share/org, use{email: name},org action=members, orworkspace action=members.share action=members
Organization CRUD, member management, billing and subscription operations, workspace creation, invitation workflows, asset management (upload, delete), organization discovery, ownership transfer, and custom domain management.
Actions: list, details, create, update, close, public-details, limits, list-workspaces, list-shares, create-workspace, billing-plans, billing-create, billing-cancel, billing-details, billing-activate, billing-reset, billing-members, billing-meters, members, invite-member, remove-member, update-member-role, member-details, leave, transfer-ownership, join, invitations-list, invitation-update, invitation-delete, transfer-token-create, transfer-token-list, transfer-token-delete, transfer-claim, discover-all, discover-available, discover-check-domain, discover-external, asset-upload, asset-delete, asset-types, asset-list, custom-domain-get, custom-domain-create, custom-domain-delete
Workspace-level settings, lifecycle operations (update, delete, archive, unarchive), listing and importing shares, managing workspace assets, workspace discovery, notes (create, read, update), quickshare management, metadata operations (template CRUD, assignment, file metadata get/set/delete, AI extraction), and workflow toggle (enable/disable tasks, worklogs, approvals, and todos).
Actions: list, details, update, delete, archive, unarchive, members, list-shares, import-share, available, check-name, create-note, read-note, update-note, quickshare-get, quickshare-delete, quickshares-list, metadata-template-create, metadata-template-delete, metadata-template-list, metadata-template-details, metadata-template-update, metadata-template-clone, metadata-template-preview-match, metadata-template-suggest-fields, metadata-template-assign, metadata-template-unassign, metadata-template-resolve, metadata-template-assignments, metadata-get, metadata-set, metadata-delete, metadata-extract, jobs-status, metadata-list-files, metadata-list-templates-in-use, metadata-versions, enable-workflow, disable-workflow
Share CRUD, public details, archiving, password authentication, asset management, share name availability checks, and workflow toggle (enable/disable tasks, worklogs, approvals, and todos).
Actions: list, details, create, update, delete, public-details, archive, unarchive, password-auth, members, available, check-name, quickshare-create, enable-workflow, disable-workflow
File and folder operations within workspaces and shares. List, list recently modified files across all folders, create folders, move, copy, delete, rename, purge, restore, search (keyword or semantic when intelligence is enabled), add files from uploads, add share links, transfer nodes, manage trash, version operations, file locking, and preview/transform URL generation. Requires
profile_typecontext_typeworkspaceshareActions: list, recent, details, search, trash-list, create-folder, copy, move, delete, rename, purge, restore, add-file, add-link, transfer, version-list, version-restore, lock-acquire, lock-status, lock-release, preview-url, preview-transform
File upload operations. Chunked upload lifecycle (create session, upload chunks as plain text or blob reference, finalize, check status, cancel), single-call streaming uploads (
stream-uploadPOST /blobActions: create-session, stream-upload, chunk, stream, finalize, status, cancel, list-sessions, cancel-all, chunk-status, chunk-delete, web-import, web-list, web-cancel, web-status, limits, extensions, blob-info
Generate download URLs and ZIP archive URLs for workspace files, share files, and quickshare links. MCP tools cannot stream binary data -- these actions return URLs that can be opened in a browser or passed to download utilities. Requires
profile_typecontext_typeworkspaceshareresource_uridownload://workspace/{id}/{node_id}?error=htmlActions: file-url, zip-url, quickshare-details
AI-powered RAG chat, document analysis, and shareable summaries in workspaces and shares. Create chats, send messages, read AI responses (with polling), list and manage chats, publish private chats, generate AI share markdown, track AI token usage, and auto-title generation. Requires
profile_typecontext_typeworkspaceshareActions: chat-create, chat-list, chat-details, chat-update, chat-delete, chat-publish, message-send, message-list, message-details, message-read, share-generate, transactions, autotitle
Comments are scoped to
{entity_type}/{parent_id}/{node_id}workspaceshareActions: list, list-all, add, delete, bulk-delete, details, reaction-add, reaction-remove, link, unlink, linked
Search the audit/event log with rich filtering by category, subcategory, and event name (see Event Filtering Reference in section 7 for the full taxonomy). Get AI-powered summaries of activity, retrieve full details for individual events, list recent activity, and long-poll for activity changes.
Actions: search, summarize, details, activity-list, activity-poll
Member management for workspaces and shares. Add, remove, update roles, transfer ownership, leave, join, and join via invitation. Member lists include both active and pending (invited but not yet registered) members — pending members have
status: "pending"inviteidcreatedexpiresentity_typeworkspaceshareActions: add, remove, details, update, transfer-ownership, leave, join, join-invitation
Invitation management for workspaces and shares. List invitations, list by state, update, and delete/revoke. Deleting a pending member's invitation also removes them from the member list and unassigns their workflow items (tasks, approvals, todos). Requires
entity_typeworkspaceshareActions: list, list-by-state, update, delete
Asset management (upload, delete, list, read) for organizations, workspaces, shares, and users. Requires
entity_typeorgworkspaceshareuserActions: upload, delete, types, list, read
Task list and task management for workspaces and shares. Create and manage task lists, then create tasks within them with statuses, priorities, assignees, and dependencies. Supports bulk status changes, reordering, and markdown output. Tasks and lists include
created_byActions: list-lists, create-list, list-details, update-list, delete-list, list-tasks, create-task, task-details, update-task, delete-task, change-status, assign-task, bulk-status, move-task, reorder-tasks, reorder-lists, filtered-list, summary
Activity log for tracking agent work. After uploads, task changes, share creation, or any significant action, log what you did and why — builds a searchable audit trail for humans and AI. Also create urgent interjections that require acknowledgement. Entries are append-only and permanent. Requires workflow to be enabled on the target entity.
Actions: append, list, interject, details, acknowledge, unacknowledged, profile-list, filtered-list, summary
Formal approval requests scoped to tasks, storage nodes, worklog entries, or shares. Create approval requests with designated approvers, then resolve them with approve or reject decisions. Requires workflow to be enabled on the target entity.
Actions: list, create, details, resolve, bulk-create, bulk-approve, bulk-reject, filtered-list, summary, update, delete, bulk-delete
Simple flat checklists scoped to workspaces and shares. Create, update, delete, toggle todos individually or in bulk. Todos include
created_byActions: list, create, details, update, delete, toggle, bulk-toggle, filtered-list, summary
Interactive MCP App widget discovery and launching. List available widgets, get details for a specific widget, launch a widget with workspace or share context, and find widgets associated with a specific tool domain.
Actions: list, details, launch, get-tool-apps
See Choosing the Right Approach in section 2 for which option fits your scenario.
Option 1 -- Autonomous agent (new account):
authemail-checkemailauthsignupfirst_namelast_nameemailpasswordauthemail-verifyemailauthemail-verifyemailemail_tokenorgcreateorglistOption 2 -- Assisting a human (API key):
https://go.fast.io/settings/api-keysauthset-api-keyorglistorgdiscover-externalOption 3 -- Agent invited to a human's org:
authsignuporginvite-membermemberaddentity_type: "workspace"useraccept-all-invitationsorglistorgdiscover-externaldiscover-externalReturning users:
authsigninemailpasswordtwo_factor_required: trueauth2fa-verifycodeorglistorgdiscover-externalorglistorgdiscover-externalorg_idorglist-workspacesorg_idworkspace_idstoragelistprofile_type: "workspace"profile_idnode_id: "root"node_idstoragedetailsprofile_type: "workspace"profile_idnode_iddownloadfile-urlprofile_type: "workspace"profile_idnode_idresource_uridownload://workspace/{id}/{node_id}All files use the
sidecar. This is the only supported upload data path — it bypasses MCP transport limits, has no base64 overhead, and works for text and binary files of any size.POST /blob
Option A:
(preferred for URL-accessible files)
If the file has a URL (HTTP/HTTPS, Google Drive, OneDrive, Box, Dropbox), use web-import
uploadweb-importOption B:
sidecar (all other files — text or binary)POST /blob
uploadcreate-sessionprofile_typeprofile_idparent_node_idfilenamefilesizeblob_upload.curl_commandblob_upload.curl_command@<file>{ "blob_id": "<uuid>", "size": <bytes> }uploadchunkupload_idchunk_number: 1blob_id: "<blob_id>"uploadfinalizeupload_idIMPORTANT: The
blob_upload.session_idMcp-Session-Id/blobchunkTwo options for passing chunk data (provide exactly one):
blob_idPOST /blobblob_refcontentPOST /blobblob_iduploadfinalizeupload_idstatus: "stored""complete"new_file_idassembly_failedstore_failedstatus_messageUpload status states:
| Status | Meaning | Terminal? |
|---|---|---|
| Session created, awaiting chunks | No |
| Chunks being received | No |
| Assembly in progress | No |
| Assembled, awaiting storage import | No |
| Being imported to storage | No |
| Done — file is in storage, | Yes (success) |
| Assembly error | Yes (failure) |
| Storage import failed | Yes (failure) |
Note:
storageadd-fileSame-name uploads (REPLACE in place, versioned): If a file with the same name already exists in the target folder, the upload overwrites the existing node in place. The
node_idstorageversion-listversion-restoreversion_idnode_idDeterministic overwrite by node_id: If the filename may have drifted, or you want to avoid re-resolving the parent folder, pass
target_node_idcreate-sessionparent_node_idfilenameaction=updatefile_id=<target_node_id>node_idstorageversion-liststoragelistdetailsuploadcreate-sessiontarget_node_idPOST /blobchunkstreamfinalizeUse this when you have a file URL (HTTP/HTTPS, Google Drive, OneDrive, Box, Dropbox) and want to add it to a workspace without downloading locally.
uploadweb-importurlprofile_type: "workspace"profile_idparent_node_id"root"upload_iduploadweb-statusupload_idCreate a branded, professional share for outbound file delivery. This replaces raw download links, email attachments, and S3 presigned URLs.
sharecreateworkspace_idnametype: "send"share_idshareupdateshare_idpasswordexpiry_dateaccess_leveldownload_securityoffmediumhighbackground_coloraccent_colorgradient_colorpost_download_messagepost_download_urlmemberaddentity_type: "share"entity_idemail_or_user_idassetuploadentity_type: "share"entity_idCreate a Receive share so humans can upload files directly to you -- no email attachments, no cloud drive links. For public collection (e.g., job applications, form submissions), enable
anonymous_uploads_enabledsharecreateworkspace_idnametype: "receive"share_idanonymous_uploads_enabled: trueaccess_optionsshareupdateshare_idmemberaddentity_type: "share"entity_idemail_or_user_idaichat-createprofile_type: "share"Create an intelligent workspace that auto-indexes all content for RAG queries.
orgcreate-workspaceorg_idnameintelligence: "true"aichat-createprofile_type: "workspace"profile_idquery_texttype: "chat_with_files"folders_scopenodeId:depthaimessage-readprofile_type: "workspace"profile_idchat_idmessage_idresponse_textcitationsstoragesearchprofile_type: "workspace"profile_idTwo modes depending on whether intelligence is enabled on the workspace.
With intelligence (persistent index):
aichat-createprofile_type: "workspace"profile_idquery_texttype: "chat_with_files"files_scopenodeId:versionIdfolders_scopenodeId:depthfiles_scopefiles_attachchat_idmessage_idaimessage-readprofile_type: "workspace"profile_idchat_idmessage_idresponse_textcitationseventactivity-pollmessage-readaimessage-sendprofile_type: "workspace"profile_idchat_idquery_textmessage_idaimessage-readmessage_idWithout intelligence (file attachments):
aichat-createprofile_type: "workspace"profile_idquery_texttype: "chat_with_files"files_attachnodeId:versionIdai.attach: truestoragedetailsaimessage-readThe full agent-to-human handoff workflow. This is the primary way agents deliver value on Fast.io.
orgcreateorgcreate-workspaceorg_idnamestoragecreate-folderprofile_type: "workspace"sharecreatetype: "send"type: "receive"shareupdateorginvite-membermemberaddentity_type: "workspace"orgtransfer-token-createorg_idhttps://go.fast.io/claim?token=<token>orgbilling-plansorgbilling-createorg_idbilling_planorgbilling-detailsorg_idorglimitsorg_idTrack work with structured task lists and tasks.
workspaceenable-workflowworkspace_idtaskcreate-listprofile_type: "workspace"profile_idnamelist_idtaskcreate-tasklist_idtitledescriptionpriorityassignee_iddependenciesnode_idstatustasklist-taskslist_idstatusassigneetaskchange-statuslist_idtask_idstatuspendingin_progresscompletetaskassign-tasklist_idtask_idassignee_idtaskbulk-statuslist_idtask_idsstatusThe complete agentic workflow pattern: plan work, execute with logging, and gate decisions with approvals.
workspaceenable-workflowworkspace_idworkspacecreate-notetaskcreate-listtaskcreate-tasktaskchange-statusstatus: "in_progress"worklogappendentity_typeentity_idcontentworkloginterjectworklogunacknowledgedworklogacknowledgeapprovalcreateprofile_typeprofile_identity_typeentity_iddescriptionapprover_idapprovalresolveresolve_action: "approve""reject"commenttaskchange-statusstatus: "complete"todocreateaichat-createAction names use hyphens as separators (e.g.
create-sessionlist-sharescreate_sessioncreate-sessionTools that operate on workspaces or shares use
profile_typeprofile_idcontext_typecontext_idProfile IDs (org, workspace, share, user) are 19-digit numeric strings. Most endpoints also accept custom names as identifiers -- workspace folder names, share URL names, org domain names, or user email addresses. Both formats are interchangeable in URL path parameters.
All other IDs (node IDs, upload IDs, chat IDs, comment IDs, invitation IDs, etc.) are 30-character alphanumeric opaque IDs (displayed with hyphens). Do not apply numeric validation to these.
Two pagination styles are used depending on the endpoint:
Cursor-based (storage list endpoints):
sort_bysort_dirpage_sizecursornext_cursorstoragelistprofile_type: "workspace""share"Limit/offset (all other list endpoints):
limitoffsetorglistmemberslist-workspaceslist-sharesbilling-membersdiscover-alldiscover-externalsharelistmembersworkspacelistmemberslist-sharesuserlist-sharesstoragesearchMCP tools return download URLs -- they never stream binary content directly.
downloadfile-urlprofile_type: "workspace""share"downloadquickshare-details/requestread/downloadzip-urlAuthorizationAll file uploads go through the
POST /blobPrefer
for URL-accessible files. If the file is accessible via any URL (HTTP/HTTPS, Google Drive, OneDrive, Box, Dropbox), useweb-importactionuploadinstead of chunked upload. It's a single tool call — no chunking, no session management.web-import
Call
uploadlimitsaction_contextinstance_idfile_idorgResponse fields:
| Field | Description | Free/Agent | Pro | Business |
|---|---|---|---|---|
| Maximum chunk size | 100 MB | 100 MB | 100 MB |
| Maximum file size per upload | 1 GB | 25 GB | 50 GB |
| Maximum chunks per session | 35 | 550 | 550 |
| Maximum concurrent sessions | 150 | 7,500 | 7,500 |
| Max aggregate size of all sessions | 6.6 GB | 160 GB | 320 GB |
Note: The API returns maximum limits. The minimum chunk size (1 MB) is a fixed system constant not returned by this endpoint — it applies to all plans equally.
| File Type | Size Known? | Recommended Approach |
|---|---|---|
| Any file with a URL | N/A | |
| Text or binary, no URL | Yes | |
| Generated/piped content, no URL | No | |
POST /blobA sidecar HTTP endpoint that accepts raw data outside the JSON-RPC pipe. This bypasses MCP transport limits entirely — no base64 encoding, no parameter size constraints. Works for text and binary files of any size.
Getting the endpoint URL and session ID: The
create-sessionblob_uploadcurlblob-infouploadblob-infoChunked flow (known size):
uploadcreate-sessionprofile_typeprofile_idparent_node_idfilenamefilesizeblob_upload.curl_commandcurlPOST /blobblob_upload{ "blob_id": "<uuid>", "size": <bytes> }uploadchunkupload_idchunk_numberblob_id: "<blob_id>"uploadfinalizeStream flow (unknown size) — preferred single-call path:
POST /blobblob-infoblob_uploadcreate-session{ "blob_id": "<uuid>", "size": <bytes> }uploadstream-uploadprofile_typeprofile_idparent_node_idfilenameblob_id: "<blob_id>"max_sizehashhash_algostream-uploadStream flow (explicit two-step — when you need the session ID between calls):
uploadcreate-sessionprofile_typeprofile_idparent_node_idfilenamestream=truefilesizemax_sizePOST /blob{ "blob_id": "<uuid>", "size": <bytes> }uploadstreamupload_idblob_id: "<blob_id>"hashhash_algofinalize
guidance — always overestimate, never undershoot. max_size
max_sizemax_sizePOST /blobcreate-sessionchunkfinalizeuploadlimitsStream restrictions: Stream sessions cannot use
chunkfinalizestreamOverwriting an existing file (do not delete-then-reupload). Same-name uploads into the same parent folder overwrite the existing node in place —
node_idcreate-sessionparent_node_idfilenamePOST /blobchunkstreamfinalizetarget_node_idcreate-sessionaction=updatefile_id=<target_node_id>parent_node_idfilenamestorageversion-listversion-restoreversion_idnode_idBlob constraints:
?transport=sse/blobThe
eventsearchsummarizecategorysubcategoryevent| Category | What It Covers |
|---|---|
| Account creation, updates, deletion, avatar changes |
| Organization lifecycle, settings, transfers |
| Workspace creation, updates, archival, file operations |
| Share lifecycle, settings, file operations |
| File and folder operations (cross-profile) |
| AI chat, summaries, RAG indexing |
| Member invitations sent, accepted, declined |
| Subscriptions, trials, credit usage |
| Custom domain configuration |
| Application integrations |
| Metadata extraction, templates, key-value updates |
| Subcategory | What It Covers |
|---|---|
| File/folder add, move, copy, delete, restore, download |
| Comment created, updated, deleted, mentioned, replied, reaction |
| Member added/removed from org, workspace, or share |
| Profile created, updated, deleted, archived |
| Configuration and preference changes |
| Security-related events (2FA, password) |
| Login, SSO, session events |
| AI processing, chat, indexing |
| Invitation management |
| Subscription and payment events |
| Avatar/asset updates |
| Upload session management |
| Cross-profile file transfers |
| Quick share operations |
| Metadata operations |
File operations (workspace):
workspace_storage_file_addedworkspace_storage_file_deletedworkspace_storage_file_movedworkspace_storage_file_copiedworkspace_storage_file_updatedworkspace_storage_file_restoredworkspace_storage_folder_createdworkspace_storage_folder_deletedworkspace_storage_folder_movedworkspace_storage_download_token_createdworkspace_storage_zip_downloadedworkspace_storage_file_version_restoredworkspace_storage_link_addedFile operations (share):
share_storage_file_addedshare_storage_file_deletedshare_storage_file_movedshare_storage_file_copiedshare_storage_file_updatedshare_storage_file_restoredshare_storage_folder_createdshare_storage_folder_deletedshare_storage_folder_movedshare_storage_download_token_createdshare_storage_zip_downloadedComments:
comment_createdcomment_updatedcomment_deletedcomment_mentionedcomment_repliedcomment_reactionMembership:
added_member_to_orgadded_member_to_workspaceadded_member_to_shareremoved_member_from_orgremoved_member_from_workspaceremoved_member_from_sharemembership_updatedWorkspace lifecycle:
workspace_createdworkspace_updatedworkspace_deletedworkspace_archivedworkspace_unarchivedShare lifecycle:
share_createdshare_updatedshare_deletedshare_archivedshare_unarchivedshare_imported_to_workspaceAI:
ai_chat_createdai_chat_new_messageai_chat_updatedai_chat_deletedai_chat_publishednode_ai_summary_createdworkspace_ai_share_createdMetadata:
metadata_kv_updatemetadata_kv_deletemetadata_kv_extractmetadata_template_updatemetadata_template_deletemetadata_template_settings_updatemetadata_view_updatemetadata_view_deletemetadata_template_selectQuick shares:
workspace_quickshare_createdworkspace_quickshare_updatedworkspace_quickshare_deletedworkspace_quickshare_file_downloadedworkspace_quickshare_file_previewedInvitations:
invitation_email_sentinvitation_acceptedinvitation_declinedUser:
user_createduser_updateduser_deleteduser_email_resetuser_asset_updatedOrg:
org_createdorg_updatedorg_closedorg_transfer_token_createdorg_transfer_completedBilling:
subscription_createdsubscription_cancelledbilling_free_trial_endedeventsearchworkspace_idsubcategory: "comments"eventsearchshare_idevent: "share_storage_file_added"eventsearchorg_idsubcategory: "members"eventsearchworkspace_idcategory: "ai"eventsearchshare_idevent: "share_storage_download_token_created"Three mechanisms for detecting changes, listed from most to least preferred:
eventactivity-pollai_chat:{chatId}storagememberslastactivityeventactivity-listWhy this matters: Do not poll detail endpoints (like
aimessage-readeventactivity-pollaimessage-readprofile_type: "workspace""share"eventactivity-polleventactivity-pollentity_idai_chat:{chatId}aimessage-readaichat-createserver_dateeventactivity-pollentity_idlastactivityserver_dateaimessage-readstoragelistlastactivityserver_datestoragedeleteprofile_type: "workspace""share"storagerestorestoragepurgeAlways confirm with the user before calling purge operations.
Storage nodes can be files, folders, notes, or links. The type is indicated in the storage details response. Notes are markdown-content nodes (a distinct node type —
type: "note"type: "file"workspacecreate-noteworkspaceread-noteworkspaceupdate-notestorageadd-linkAll text content (notes, comments, worklogs, file uploads, descriptions) must use Unix-style line feeds (
\n\n\r\n\r\nEncoding rules:
\n\r\n\r\t\n\r\p{C}\n\n\n\nThis applies to:
workspacecreate-noteupdate-noteuploadchunkcontentcommentaddworklogappendinterjectFailed API calls throw errors with two fields:
codetext403 and scoped keys: If using a scoped API key (or scoped OAuth token), 403 errors often mean the target resource is outside the key's granted scope, not a role/permissions issue. Check
authstatusscopes_detailRead-only scope and tool filtering: When authenticated with a read-only scoped key (all entity grants have
:rreadOnlyHint=truedestructiveHint=falseThe auth token, user ID, email, token expiry, and refresh token are persisted in the server session. There is no need to pass tokens between tool calls. The session survives across multiple tool invocations within the same MCP connection. OAuth sessions auto-refresh silently -- access tokens are renewed before expiry via an internal alarm, so sessions remain active for up to 30 days (the refresh token lifetime) without user intervention.
MCP tools manage data via the API, but humans access Fast.io through a web browser. Always use the
field from tool responses -- it is a ready-to-use, clickable URL for the resource. Include it in your responses whenever you create or reference a workspace, share, file, note, or transfer. The human cannot see API responses directly -- the URL you provide is how they get to their content. Fall back to the URL patterns below only when web_url
web_urlAutomatic
field. All entity-returning tool responses include aweb_urlfield — a ready-to-use, human-friendly URL for the resource. NEVER construct URLs manually — always use theweb_urlfield from tool responses. It appears on: org list/details/create/update/public-details/discover-*, org list-workspaces/list-shares, workspace list/details/update/available/list-shares, share list/details/create/update/public-details/available, storage list/details/search/trash-list/copy/move/rename/restore/add-file/create-folder/version-list/version-restore/preview-url/preview-transform, quickshare create/get/list, upload finalize, download file-url/quickshare-details, AI chat-create/chat-details/chat-list, transfer-token create/list, and notes create/update. Fall back to the URL patterns below only whenweb_urlis absent (e.g., share context storage operations).web_url
Organization
domain"acme"https://acme.fast.io/go.fast.io| What the human needs | URL pattern |
|---|---|
| Workspace root | |
| Specific folder | |
| File preview | |
| File with specific comment | |
| File at video/audio time | |
| File at PDF page | |
| AI chat in workspace | |
| Note in workspace | |
| Note preview | |
| Browse workspaces | |
| Edit share settings | |
| Org settings | |
| Billing | |
| What the human needs | URL pattern |
|---|---|
| Public share | |
| Org-branded share | |
| File in share | |
| File in share with comment | |
| QuickShare | |
| Claim org transfer | |
| Onboarding | |
| Value | API source |
|---|---|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
Always provide URLs to the human in these situations:
https://acme.fast.io/workspace/q4-reports/storage/roothttps://go.fast.io/shared/q4-financials/Q4-Financial-Reporthttps://go.fast.io/claim?token=abc123Important: The
domainacmefolder_nameq4-reports_next_warnings_recoveryWorkflow-critical tool responses include a
_next{ "workspace_id": "...", "web_url": "https://acme.fast.io/workspace/q4-reports/storage/root", "_next": [ "Upload files: upload action create-session + blob or web-import", "Create a share: share action create", "Query with AI: ai action chat-create" ] }
appear on destructive, irreversible, or potentially problematic actions. Always read warnings before proceeding -- they flag permanent consequences or important caveats. Actions with _warnings
_warnings
hints appear on error responses (when _recovery
isError: true| HTTP Status | Recovery |
|---|---|
| 400 | Check required parameters and ID formats |
| 401 | Re-authenticate: auth action signin or set-api-key. If the error says "Session expired", the prior session timed out -- re-auth to continue. If "Not authenticated", no session exists yet. |
| 402 | Credits exhausted -- check balance: org action limits |
| 403 | Permission denied -- check role: org action details |
| 404 | Resource not found -- verify the ID, use list actions to discover valid IDs |
| 409 | Conflict -- resource may already exist |
| 413 | Request too large -- reduce file/chunk size |
| 422 | Validation error -- check field formats and constraints |
| 429 | Rate limited -- wait 2-4s and retry with exponential backoff |
| 500/503 | Server error -- retry after 2-5 seconds |
Pattern-based recovery: error messages are also matched against common patterns (e.g., "email not verified", "workspace not found", "intelligence disabled") to provide specific recovery steps even when the HTTP status is generic.
is included in workspace details responses. It shows which AI modes are available based on the workspace intelligence setting:ai_capabilities
files_scopefolders_scopefiles_attachfiles_attach
is included in storage list and search responses when files have AI processing state. States: _ai_state_legend
indexedreadypendinginprogressdisabledfailed_attach_fieldai.attachfiles_attach
provides contextual metadata on specific responses. Currently used by comment add when anchoring is involved, providing _context
anchor_formatsAll tool actions now include
hints. Every successful tool response includes contextual next-step suggestions. Key workflow transitions: auth → org list/create, org create → workspace create, workspace create → upload/share/AI, upload → AI chat/comment/download, share create → add files/members, AI chat create → message read. The hints include the exact tool name, action, and relevant IDs from the current response._next
Tool annotations: Tools include MCP annotation hints --
readOnlyHintdestructiveHintidempotentHintopenWorldHintDestructive action tags: Actions that perform irreversible operations (delete, purge, close, etc.) have
[DESTRUCTIVE]destructiveHintResource completion and listing: The workspace and share download resource templates support both dynamic listing (
resources/listcompletion/completeThe following actions work without a session:
authsigninsignupset-api-keypkce-loginemail-checkpassword-reset-requestpassword-resetdownloadquickshare-detailsAll tool responses are GitHub-flavored Markdown (CommonMark + tables). No JSON envelopes.
For most tools, markdown is rendered client-side from the API's JSON envelope using the same rules as the platform's
?output=markdownA handful of list/activity actions additionally accept a
detail| Tool | Action | Accepts | Default |
|---|---|---|---|
| event | search | terse | standard | full | standard |
| event | activity-list | terse | standard | full | standard |
| event | activity-poll | terse | standard | full | terse |
| comment | list | terse | standard | full | standard |
What each level returns (cumulative — each adds to the previous):
detailFor storage/share/org/workspace list/search operations (and any other action that returns file or entity lists), responses are markdown too — rendered locally — but do not currently accept a
detailfullsearchlimitoffsetSeparate from the generic markdown output, tasks/todo/approval/worklog tools still accept
format: 'md'Fast.io MCP Server includes interactive HTML5 widgets that render rich UIs directly in agent conversations. Widgets communicate with the MCP server through tool calls and display file browsers, dashboards, workflow managers, and more.
| Widget | Resource URI | Description |
|---|---|---|
| File Picker | | Browse and pick files to attach to your conversation — navigate folders, search, preview, select files for the agent. Also supports file management (upload, move, copy, delete) in workspace and share contexts |
| Workspace Picker | | Org/workspace/share selection with search, 4-step workspace creation wizard, 5-step share creation wizard |
| File Viewer | | Unified file preview (image, PDF, video, audio, code, spreadsheet) with info panel (details, versions, AI summary, metadata) |
| Workflow Manager | | Task board, task detail, approvals panel, todos checklist, worklog viewer |
| Comments Panel | | Threaded comments, reactions, anchored comments (image regions, timestamps) |
| Uploader | | Upload files to a workspace or share with drag-and-drop, chunked uploads via POST /blob sidecar, and web URL imports with real-time progress tracking |
The Uploader widget provides a 4-step file upload flow:
The widget uses the
uploadstorageLaunch via prompt: Use the
App: Upload FilesLaunch via tool:
apps action launch app_id uploader profile_type workspace profile_id <workspace_id>
The
appsappslistappsdetailsapp_idappslaunchapp_idprofile_typecontext_typeprofile_idcontext_idappsget-tool-appstool_nameAll widgets accept workspace or share context:
profile_type: "workspace"profile_id: "<workspace_id>"profile_type: "share"profile_id: "<share_id>"Widgets use a shared design system matching the Fast.io frontend:
data-themeapps action launch app_id file-picker profile_type workspace profile_id <workspace_id>
apps action get-tool-apps tool_name storage
All 19 tools with their actions organized by functional area. Each entry shows the action name and its description. Workflow tools (task, worklog, approval, todo) require workflow to be enabled on the target workspace or share.
signin -- Sign in to Fast.io with email and password. Returns a JWT auth token. If the account has 2FA enabled the token will have limited scope until 2fa-verify is called. The token is stored in the session automatically.
set-api-key -- Authenticate using a Fast.io API key. The key is validated against the API and stored in the MCP session -- all subsequent tool calls are authenticated automatically. By default, keys have the same permissions as the account owner. Scoped keys restrict access to specific entities (same scope system as OAuth tokens) -- operations outside the granted scope return 403. When a scoped key is detected, the response includes
scopes_detailsignup -- Create a new Fast.io agent account (agent=true), then automatically sign in. Sets account_type to "agent" and assigns the free agent plan. Email verification is required after signup -- call email-verify to send a code, then call it again with the code to verify. Most endpoints require a verified email. No authentication required for signup itself.
check -- Check whether the current session token is still valid. Returns the user ID associated with the token.
session -- Get current session information for the authenticated user, including profile details such as name, email, and account flags.
signout -- Sign out by clearing the stored session. If currently authenticated the token is verified first.
2fa-verify -- Complete two-factor authentication by submitting a 2FA code. Call this after signin returns two_factor_required: true. The new full-scope token is stored automatically.
email-check -- Check if an email address is available for registration. No authentication required.
password-reset-request -- Request a password reset email. Always returns success for security (does not reveal whether the email exists). No authentication required.
password-reset -- Set a new password using a reset code received by email. No authentication required.
email-verify -- Send or validate an email verification code. When email_token is omitted a new code is sent. When provided the code is validated and the email marked as verified.
status -- Check local session status. No API call is made. Returns whether the user is authenticated, and if so their user_id, email, auth_method (
"api_key""jwt""oauth"pkce-login -- Start a browser-based PKCE login flow. Returns a URL for the user to open in their browser. After signing in and approving access, the browser displays an authorization code. The user copies the code and provides it to pkce-complete to finish signing in. No password is sent through the agent. Optional params:
scope_type"user""org""workspace""all_orgs""all_workspaces""all_shares"agent_namepkce-complete -- Complete a PKCE login flow by exchanging the authorization code for an access token. Call this after the user has approved access in the browser and copied the code from the screen. The token is stored in the session automatically. If scoped access was granted, the response includes
scopes"org:123:rw"agent_nameapi-key-create -- Create a new persistent API key. The full key value is only returned once at creation time -- store it securely. Optional parameters:
namescopes["org:123:rw", "workspace:456:r"]agent_namekey_expirestokenapi-key-update -- Update an existing API key's metadata. Requires
key_idnamescopesagent_namekey_expiresapi-key-list -- List all API keys for the authenticated user. Key values are masked (only last 4 characters visible). Responses include
scopesagent_nameexpiresapi-key-get -- Get details of a specific API key. The key value is masked. Response includes
scopesagent_nameexpiresapi-key-delete -- Revoke (delete) an API key. This action cannot be undone. Optional parameter:
token2fa-status -- Get the current two-factor authentication configuration status (enabled, unverified, or disabled).
2fa-enable -- Enable two-factor authentication on the specified channel. For TOTP, returns a binding URI for QR code display. The account enters an 'unverified' state until 2fa-verify-setup is called.
2fa-disable -- Disable (remove) two-factor authentication from the account. Requires a valid 2FA code to confirm when 2FA is in the enabled (verified) state.
2fa-send -- Send a 2FA verification code to the user's phone via SMS, voice call, or WhatsApp.
2fa-verify-setup -- Verify a 2FA setup code to confirm enrollment. Transitions 2FA from the 'unverified' state to 'enabled'.
oauth-list -- List all active OAuth sessions for the authenticated user.
oauth-details -- Get details of a specific OAuth session.
oauth-revoke -- Revoke a specific OAuth session (log out that device).
oauth-revoke-all -- Revoke all OAuth sessions. Optionally exclude the current session to enable 'log out everywhere else'.
me -- Get the current authenticated user's profile details.
update -- Update the current user's profile (name, email, etc.).
search-contacts -- Search your personal contact list (people you've interacted with via prior invites, shares, or chat mentions) by name or email substring. Returns a flat
{email: name}workspace action=membersshare action=membersorg action=membersclose -- Close/delete the current user account (requires email confirmation).
details-by-id -- Get another user's public profile details by their user ID.
profiles -- Check what profile types (orgs, workspaces, shares) the user has access to.
allowed -- Check if the user's country allows creating shares and organizations.
org-limits -- Get free org creation eligibility, limits, and cooldown status.
list-shares -- List all shares the current user is a member of.
invitation-list -- List all pending invitations for the current user.
invitation-details -- Get details of a specific invitation by its ID or key.
accept-all-invitations -- Accept all pending invitations at once.
asset-upload -- Upload a user asset (e.g. profile photo). Provide either plain-text content or base64-encoded content_base64 (not both).
asset-delete -- Delete a user asset (e.g. profile photo).
asset-types -- List available asset types for users.
asset-list -- List all user assets.
list -- List internal organizations (orgs the user is a direct member of,
member: trueweb_urldetails -- Get detailed information about an organization. Returns
web_urlmembers -- List all members of an organization with their IDs, emails, names, and permission levels.
invite-member -- Invite a user to the organization by email. The email is passed in the URL path (not the body). If the user already has a Fast.io account they are added directly; otherwise an email invitation is sent. Cannot add as owner.
remove-member -- Remove a member from the organization. Requires member management permission as configured by the org's perm_member_manage setting.
update-member-role -- Update a member's role/permissions in the organization. Cannot set role to 'owner' -- use transfer-ownership instead.
limits -- Get organization plan limits and credit usage. Returns credit limits, usage stats, billing period, trial info, and run-rate projections. Requires admin or owner role.
list-workspaces -- List workspaces in an organization that the current user can access. Each workspace includes
web_urllist-shares -- List shares accessible to the current user. Each share includes
web_urlcreate -- Create a new organization on the "agent" billing plan. Requires
domainnameupdate -- Update organization details. Returns
web_urlclose -- Close/delete an organization. Cancels any active subscription and initiates deletion. Requires owner role. The confirm field must match the org domain or org ID.
public-details -- Get public details for an organization. Returns
web_urlcreate-workspace -- Create a new workspace within the organization. Returns
web_urlfolder_namereports3587676312889739297-reportsfolder_namebilling-plans -- List available billing plans with pricing, features, and plan defaults. Returns plan IDs needed for subscription creation.
billing-create -- Create a new subscription or update an existing one. For new subscriptions, creates a Stripe Setup Intent. For existing subscriptions, updates the plan. Requires admin or owner.
billing-cancel -- Cancel the organization's subscription. Requires owner role. Some plans may cause the org to be closed on cancellation.
billing-details -- Get comprehensive billing and subscription details including Stripe customer info, subscription status, setup intents, payment intents, and plan info. Requires admin or owner.
billing-activate -- Activate a billing plan (development environment only). Simulates Stripe payment setup and activates the subscription using a test payment method.
billing-reset -- Reset billing status (development environment only). Deletes the Stripe customer and removes the subscriber flag.
billing-members -- List billable members with their workspace memberships. Shows who the org is being billed for. Requires admin or owner role.
billing-meters -- Get usage meter time-series data (storage, transfer, AI, etc). Returns grouped data points with cost and credit calculations. Requires admin or owner role.
leave -- Leave an organization. Removes the current user's own membership. Owners cannot leave -- they must transfer ownership or close the org first.
member-details -- Get detailed membership information for a specific user in the organization, including permissions, invite status, notification preference, and expiration.
transfer-ownership -- Transfer organization ownership to another member. The current owner is demoted to admin. Requires owner role.
transfer-token-create -- Create a transfer token (valid 72 hours) for an organization. Send the claim URL
https://go.fast.io/claim?token=<token>transfer-token-list -- List all active transfer tokens for an organization. Each token includes
web_urltransfer-token-delete -- Delete (revoke) a pending transfer token. Requires owner role.
transfer-claim -- Claim an organization using a transfer token. The authenticated user becomes the new owner and the previous owner is demoted to admin.
invitations-list -- List all pending invitations for the organization. Optionally filter by invitation state. Requires any org membership.
invitation-update -- Update an existing invitation for the organization. Can change state, permissions, or expiration.
invitation-delete -- Revoke/delete an invitation for the organization.
join -- Join an organization via invitation or authorized domain auto-join. Optionally provide an invitation key and action (accept/decline).
asset-upload -- Upload an org asset (e.g. logo, banner). Provide either plain-text content or base64-encoded file_base64 (not both). Requires admin or owner role.
asset-delete -- Delete an asset from the organization. Requires admin or owner role.
asset-types -- List available asset types for organizations.
asset-list -- List all organization assets.
discover-all -- List all accessible organizations (joined + invited). Each org includes
web_urldiscover-available -- List organizations available to join. Each org includes
web_urldiscover-check-domain -- Check if an organization domain name is available for use. Validates format, checks reserved names, and checks existing domains.
discover-external -- List external organizations (
member: falseweb_urlcustom-domain-get -- Get the org's current custom domain. Returns
hostnamestatuspendingactivecname_target{ hostname: null }custom-domain-create -- Add a custom domain to the org. Requires
hostnamefiles.acme.comstatus: "pending"cname_targethostnamecname_targetcustom-domain-delete -- Remove the org's custom domain. The existing TLS certificate expires naturally (up to 90 days). Requires admin or owner role. No plan gate -- orgs that downgrade can still remove their domain.
custom-domain-validate -- Perform live DNS validation on the org's custom domain. Returns
hostnamedns_validstatuscname_targetcname_foundlist -- List all workspaces the user has access to across all organizations. Each workspace includes
web_urldetails -- Get detailed information about a specific workspace. Returns
web_urlupdate -- Update workspace settings such as name, description, branding, and permissions. Returns
web_urldelete -- Permanently close (soft-delete) a workspace. Requires Owner permission and confirmation.
archive -- Archive a workspace (blocks modifications, preserves data). Requires Admin+.
unarchive -- Restore an archived workspace to active status. Requires Admin+.
members -- List all members of a workspace with their roles and status. Includes both active and pending members. Pending members have
status: "pending"invite{id, created, expires}expiresstatus: "active"invite: nullinvite.idinvitationdeletelist-shares -- List all shares within a workspace, optionally filtered by archive status. Each share includes
web_urlimport-share -- Import a user-owned share into a workspace. You must be the sole owner of the share.
available -- List workspaces the current user can join but has not yet joined. Each workspace includes
web_urlcheck-name -- Check if a workspace folder name is available for use. Workspace names are globally unique. Pass optional
check_org_id3587676312889739297-reportscreate-note -- Create a new markdown note in workspace storage. Accepts exactly one of
contentblob_idPOST /blobweb_urlupdate-note -- Update a note's markdown content and/or name (at least one of
namecontentblob_idcontentblob_idPOST /blobweb_url_warningstype: "note".mdNode is not a noteuploadcreate-sessionparent_node_idfilenametarget_node_idstoragedetailstyperead-note -- Read a note's markdown content and metadata. Returns the note content and
web_urlquickshare-get -- Get existing quickshare details for a node. Returns
web_urlquickshare-delete -- Revoke and delete a quickshare link for a node.
quickshares-list -- List all active quickshares in the workspace. Each quickshare includes
web_urlmetadata-template-create -- Create a new metadata template in the workspace. Available on all plans (Agent/Free can create their first template; Pro allows 2 per workspace; Business allows 10). Requires name, description, category (legal, financial, business, medical, technical, engineering, insurance, educational, multimedia, hr), and fields (JSON-encoded array of field definitions). Each field has name, description, type (string, int, float, bool, json, url, datetime), and optional constraints (min, max, default, fixed_list, can_be_null, autoextract).
autoextracttruefalsemetadata-setautoextract:truemetadata-template-delete -- Delete a metadata template. System templates and locked templates cannot be deleted. Requires template_id.
metadata-template-list -- List metadata templates. Optional template_filter: enabled, disabled, custom (non-system), or system. Returns all non-deleted templates when no filter is specified. Each entry's
fieldsautoextracttrueplan_node_limitis_truncatedmetadata-template-details -- Get full details of a metadata template including all field definitions. Requires template_id. The returned
fieldsautoextracttrueplan_node_limitis_truncatednodes/total_count_unfiltereddetailsmetadata-template-update -- Update an existing metadata template. Any combination of name, description, category, and fields can be updated. Requires template_id.
metadata-template-clone -- Clone a metadata template with optional modifications. Creates a new template based on an existing one. Same parameters as metadata-template-update. Requires template_id.
metadata-template-preview-match -- Preview which files in the workspace would match a proposed template before creating it. Requires
namedescriptionmatched_filesnode_idnamemimetypematched_filestotal_eligibletotal_scannedtotal_matchedtotal_eligibletotal_eligiblesample_ceiling + 1plan_node_limit-1would_truncate_atmin(total_matched, plan_node_limit)total_matchedwould_truncate_at < total_matched_warningsnode_idmetadata-template-suggest-fieldsmetadata-template-suggest-fields -- Ask the AI to propose 1-5 custom fields based on a sample of files. Requires
workspace_iddescriptionnode_idsuser_context"photo collection""contract tracker"suggested_namesuggested_descriptionsuggested_fields{name, type, description, can_be_null, max?, fixed_list?, example_value?}nametypedescriptioncan_be_nullmaxfixed_listfieldsmetadata-template-createexample_valuetypeintdatetimeboolexample_valuemetadata-template-createfile_sample_countsuggested_namesuggested_descriptionmetadata-template-assign -- Assign a metadata template to a workspace. Each workspace can have at most one assigned template. Assigning a system template automatically clones it. Requires template_id. Optional node_id (null for workspace-level assignment).
metadata-template-unassign -- Remove the template assignment from a workspace. Requires workspace admin permission.
metadata-template-resolve -- Resolve which metadata template applies to a given node. Returns the workspace-level template (node_id is accepted but currently inherits from workspace). Returns null if no template is assigned.
metadata-template-assignments -- List all template assignments in the workspace.
metadata-get -- Get all metadata for a file, including both template-conforming metadata and custom (freeform) key-value pairs. Returns node details, template_id, template_metadata array, custom_metadata array, and a top-level
autoextractabletemplate_idautoextractabletruemetadata-extractmetadata-set -- Set or update metadata key-value pairs on a file. Values must conform to the template field definitions. Requires node_id, template_id, and key_values (JSON object of key-value pairs).
metadata-delete -- Delete metadata from a file. Provide keys (JSON array of key names) to delete specific entries, or omit to delete all metadata. Only works on files and notes, not folders. Requires node_id.
metadata-extract -- Enqueue AI-powered metadata extraction for a file. The endpoint is asynchronous (HTTP 202): it enqueues a background job and returns in ~500ms with
job_idstatusstatus_urinode_idtemplate_idfieldsnode_idtemplate_idextract_fields["vendor","amount"]extract_fieldsautoextract:truejob_idextract_fieldsautoextractablemetadata-get(node_id, template_id, fields)job_idtemplate_idextract_fieldsis_auto: trueautoextractable:truemetadata-getmetadata-extractjob_idjob_idextract_fieldsjobs-statusmetadata_extractkind:"single"node_idstatus:"completed"metadata-getstatus:"errored"error_messagejobs-statusEVENT_METADATA_KV_EXTRACT_STARTEDEVENT_METADATA_KV_EXTRACTEVENT_METADATA_KV_EXTRACT_ERROREDjobs-status -- Get the workspace's async job state. Requires
workspace_idmetadata_extractmetadata_extractkind:"single"node_idjob_idtemplate_idfields_scopestatusprogress_percentstarted_atupdated_atcompleted_aterror_messagekind:"batch"total_fileseligible_filesprocessedskippedfailedprogress_percentkindmetadata-list-files -- List files that have metadata for a specific template, with optional filtering and sorting. Requires node_id (folder to search in) and template_id. Optional metadata_filters (JSON-encoded), order_by (field key), and order_desc.
metadata-list-templates-in-use -- List which metadata templates are in use within a folder, with usage counts per template. Requires node_id.
metadata-versions -- Get metadata version history for a file. Returns snapshots of metadata changes over time. Requires node_id.
enable-workflow -- Enable workflow features (tasks, worklogs, approvals, todos) on a workspace. Must be called before using workflow tools on the workspace.
disable-workflow -- Disable workflow features on a workspace. All workflow data is preserved but inaccessible until re-enabled.
list -- List shares the authenticated user has access to. Each share includes
web_urldetails -- Get full details of a specific share. Returns
web_urlcreate -- Create a new share in a workspace.
update -- Update share settings (partial update).
delete -- Delete (close) a share. Requires the share ID or custom name as confirmation.
public-details -- Get public-facing share info (no membership required, just auth).
archive -- Archive a share. Blocks guest access and restricts modifications.
unarchive -- Restore a previously archived share to active status.
password-auth -- Authenticate with a share password. Returns a scoped JWT for the share.
members -- List all members of a share. Includes both active and pending members with
statusinviteavailable -- List shares available to join (joined and owned, excludes pending invitations). Each share includes
web_urlcheck-name -- Check if a share custom name (URL name) is available.
quickshare-create -- Create a temporary QuickShare link for a file in a workspace. Optional
expiresexpires_atenable-workflow -- Enable workflow features (tasks, worklogs, approvals, todos) on a share. Must be called before using workflow tools on the share.
disable-workflow -- Disable workflow features on a share. All workflow data is preserved but inaccessible until re-enabled.
All storage actions require
profile_typecontext_typeworkspaceshareprofile_idcontext_idlist -- List files and folders in a directory with pagination. Each item includes
web_urlprofile_typeprofile_idnode_idrootrecent -- List recently modified files and folders across all directories, sorted by updated descending. Unlike
listtypefilefolderlinknotepage_sizecursordetails -- Get full details of a specific file or folder. Returns
web_urlsearch -- Unified search: keyword + automatic semantic matching when workspace intelligence is enabled. English stemming is built in ("cats" finds "cat", "running" finds "run"). Params:
queryfiles_scopefolders_scopedetailslimitoffsetnameparent_idtyperelevance_scorecontent_snippetmatch_sourcemedia_segmentpagemimetypenodesearch_metadataintelligence_enabledsemantic_availablescopednameparent_idtypeweb_urltrash-list -- List items currently in the trash. Each item includes
web_urlcreate-folder -- Create a new folder. Returns
web_urlcopy -- Copy files/folders. Single copy via
node_idnode_idsweb_urlmove -- Move files/folders. Single move via
node_idnode_idsweb_urldelete -- Delete files/folders by moving them to the trash. Single delete via
node_idnode_idsrename -- Rename a file or folder. Returns
web_urlpurge -- Permanently delete a trashed node (irreversible). Requires Member permission.
restore -- Restore files/folders from the trash. Single restore via
node_idnode_idsweb_urladd-file -- Link a completed upload to a storage location. Returns
web_urladd-link -- Add a share reference link node to storage.
transfer -- Copy or move a node to another workspace or share storage instance. Default mode is 'copy' (keeps source). Use transfer_mode='move' to copy then trash the source (cannot move root). When mode=move, response includes source_trashed (boolean) indicating whether the source was successfully trashed.
version-list -- List version history for a file. Returns
web_urlversion-restore -- Restore a file to a previous version. Returns
web_urllock-acquire -- Acquire an exclusive lock on a file to prevent concurrent edits.
lock-status -- Check the lock status of a file.
lock-release -- Release an exclusive lock on a file.
preview-url -- Get a preauthorized preview URL for a file (thumbnail, PDF, image, video, audio, spreadsheet). Requires
preview_typepreview_urlweb_urlpreview-transform -- Request a file transformation (image resize, crop, format conversion) and get a download URL for the result. Requires
transform_nametransform_urlweb_urlcreate-session -- Create a chunked upload session for a file. Accepts optional
target_node_idaction=updatefile_id=<target_node_id>parent_node_idfilenamenode_idstorageversion-listtarget_node_idstorageversion-listversion-restorestream-upload -- Create a stream session, upload the file body, and auto-finalize in a single call. Use for generated or piped content where the size isn't known upfront and you don't need the session ID between calls. Requires
profile_typeprofile_idparent_node_idfilenamecontentblob_idmax_sizetarget_node_idparent_node_idfilenamehashhash_algochunk -- Upload a single chunk. Use
contentblob_idPOST /blobstream -- Upload the entire file body into an existing stream session (one created via
create-sessionstream=truestream-uploadupload_idupload_idcontentblob_idhashhash_algofinalize -- Finalize an upload session, trigger file assembly, and poll until fully stored or failed. Returns the final session state.
status -- Get the current status of an upload session. Supports server-side long-poll via optional
waitcancel -- Cancel and delete an active upload session.
list-sessions -- List all active upload sessions for the current user.
cancel-all -- Cancel and delete ALL active upload sessions at once.
chunk-status -- Get chunk information for an upload session.
chunk-delete -- Delete/reset a chunk in an upload session.
web-import -- Import a file from an external URL into a workspace or share.
web-list -- List the user's web upload jobs with optional filtering.
web-cancel -- Cancel an active web upload job.
web-status -- Get detailed status of a specific web upload job.
limits -- Get upload size and chunk limits for the user's plan. Returns
chunk_sizesizechunkssessionssessions_size_maxaction_contextinstance_idfile_idorgextensions -- Get restricted and allowed file extensions for uploads. Optional
planrestricted_extensionsarchive_extensionsenforcement_enabledplancache_ttlblob-info -- Get the
POST /blobcurlcurlfile-url -- Get a download token and URL for a file. Optionally specify a version. Requires
profile_typeprofile_idnode_idzip-url -- Get a ZIP download URL for a folder or entire workspace/share. Returns the URL with auth instructions. Requires
profile_typeprofile_idnode_idrootquickshare-details -- Get metadata and download info for a quickshare link. No authentication required.
All AI actions require
profile_typecontext_typeworkspaceshareprofile_idcontext_idchat-create -- Create a new AI chat with an initial question. Default scope is the entire workspace (all indexed documents) — omit
files_scopefolders_scopenodeId:versionIdversionIdversionfiles_attachai.attachtruechatchat_with_fileschat-list -- List AI chats.
chat-details -- Get AI chat details including full message history.
chat-update -- Update the name of an AI chat.
chat-delete -- Delete an AI chat.
chat-publish -- Publish a private AI chat, making it visible to all members.
message-send -- Send a follow-up message in an existing AI chat. Returns message ID -- use message-read to get the AI response.
message-list -- List all messages in an AI chat.
message-details -- Get details for a specific message in an AI chat including response text and citations.
message-read -- Read an AI message response. Polls the message details endpoint until the AI response is complete, then returns the full text.
share-generate -- Generate AI Share markdown with temporary download URLs for files that can be pasted into external AI chatbots.
transactions -- List AI token usage transactions for billing tracking.
autotitle -- Generate AI-powered title and description based on contents (share context only).
All comment endpoints use the path pattern
/comments/{entity_type}/{parent_id}//comments/{entity_type}/{parent_id}/{node_id}/entity_typeworkspaceshareparent_idnode_idlist -- List comments on a specific file (node). Params: sort (
created-createdlist-all -- List all comments across a workspace or share (not node-specific). Same listing params as list.
add -- Add a comment to a specific file. Body: text (max 8,192 chars total, max 2,048 chars display text with
@[...]@[profile:id]@[user:opaqueId:Name]@[file:fileId:name.ext]"document""text"taskapprovaldelete -- Delete a comment. Recursive: deleting a parent also removes all its replies.
bulk-delete -- Bulk soft-delete multiple comments (max 100). NOT recursive: replies to deleted comments are preserved.
details -- Get full details of a single comment by its ID. Response includes
linked_entity_typelinked_entity_idreaction-add -- Add or change your emoji reaction. One reaction per user per comment; new replaces previous.
reaction-remove -- Remove your emoji reaction from a comment.
link -- Link an existing comment to a workflow entity. Params: comment_id, linked_entity_type (
taskapprovalunlink -- Remove the workflow link from a comment. Params: comment_id. Returns the updated comment with linked fields set to null.
linked -- Reverse lookup: find all comments linked to a given workflow entity. Params: linked_entity_type (
taskapprovalsearch -- Search the audit/event log with filters for profile, event type, category, subcategory, event name, and date range. See Event Filtering Reference in section 7 for the full taxonomy of categories, subcategories, and event names.
summarize -- Search events and return an AI-powered natural language summary of the activity. Accepts the same category/subcategory/event filters as search.
details -- Get full details for a single event by its ID.
activity-list -- Poll for recent activity events on a workspace or share.
activity-poll -- Long-poll for activity changes on a workspace or share. The server holds the connection until a change occurs or the wait period expires. Returns activity keys indicating what changed and a lastactivity timestamp for the next poll.
All member actions require
entity_typeworkspaceshareentity_idMember objects include
statusactivependinginvite{id, created, expires}expiresactiveinvitationdeleteinvite.idadd -- Add an existing user by user ID, or invite by email. Pass the email address or user ID as
email_or_user_idpermissionsroleremove -- Remove a member (cannot remove the owner).
details -- Get detailed membership info for a specific member. For workspaces, pass
member_iduser_idupdate -- Update a member's role, notifications, or expiration.
transfer-ownership -- Transfer ownership to another member (current owner is demoted to admin).
leave -- Leave (remove yourself). Owner must transfer ownership first.
join -- Self-join based on organization membership.
join-invitation -- Accept or decline an invitation using an invitation key.
All invitation actions require
entity_typeworkspaceshareentity_idlist -- List all pending invitations.
list-by-state -- List invitations filtered by state.
update -- Resend or update an invitation (by ID or invitee email).
delete -- Revoke and delete a pending invitation. This also removes the corresponding pending member from the member list and unassigns any workflow items (tasks, approvals, todos) assigned to them. Use the
invite.idinvitation_idAll asset actions require
entity_typeorgworkspaceshareuserentity_idupload -- Upload an asset (e.g. logo, banner, profile photo). Provide either plain-text content or base64-encoded data (not both).
delete -- Delete an asset.
types -- List available asset types for the entity.
list -- List all assets for the entity.
read -- Read/download an asset.
Task list and task management for workspaces and shares. All task actions require workflow to be enabled on the target entity (
workspaceenable-workflowshareenable-workflowlist-lists -- List all task lists for a workspace or share. Requires
profile_typeprofile_idsort_bysort_dirlimitoffsetformatcreate-list -- Create a new task list. Requires
profile_typeprofile_idnamedescriptionlist-details -- Get details of a specific task list. Requires
list_idformatupdate-list -- Update a task list's name or description. Requires
list_idnamedescriptiondelete-list -- Soft-delete a task list and all its tasks. Requires
list_idlist-tasks -- List tasks in a task list. Requires
list_idstatusassigneesort_bysort_dirlimitoffsetformatcreate-task -- Create a new task in a list. Requires
list_idtitledescriptionstatuspriorityassignee_iddependenciesnode_idtask-details -- Get full details of a specific task. Requires
list_idtask_idformatupdate-task -- Update a task's title, description, status, priority, assignee (including pending members), dependencies, or node link. Requires
list_idtask_iddelete-task -- Soft-delete a task. Requires
list_idtask_idchange-status -- Change a task's status. Requires
list_idtask_idstatusassign-task -- Assign or unassign a task. Requires
list_idtask_idassignee_idbulk-status -- Change status on multiple tasks at once. Requires
list_idtask_idsstatusmove-task -- Move a task from one list to another within the same profile. Requires
list_idtask_idtarget_task_list_idsort_orderold_task_list_idnew_task_list_idreorder-tasks -- Reorder tasks within a list. Requires
list_idtask_ids{order: [{id, sort_order}, ...]}reorder-lists -- Reorder task lists within a workspace or share. Requires
profile_typeprofile_idlist_ids{order: [{id, sort_order}, ...]}filtered-list -- List tasks filtered by category. Requires
profile_typeprofile_idfilterstatuslimitoffsetformatsummary -- Lightweight task counts for a workspace or share. Requires
profile_typeprofile_idformatActivity log for tracking agent work. After uploads, task changes, share creation, or any significant action, log what you did and why — builds a searchable audit trail for humans and AI. All worklog actions require workflow to be enabled on the target entity.
append -- Append a new entry to the worklog. Requires
entity_typeentity_idcontentlist -- List worklog entries. Requires
entity_typeentity_idtypesort_dirlimitoffsetformatinterject -- Create an urgent interjection entry that requires acknowledgement. Requires
entity_typeentity_idcontentdetails -- Get full details of a specific worklog entry. Requires
entry_idformatacknowledge -- Acknowledge an interjection entry, marking it as seen. Requires
entry_idacknowledgable: trueunacknowledged -- List unacknowledged interjections (entries where
acknowledgabletrueentity_typeentity_idlimitoffsetformatprofile-list -- List all worklog entries at the profile level. Requires
profile_typeprofile_idlimitoffsetformatlistfiltered-list -- List worklogs filtered by category. Requires
profile_typeprofile_idfiltertypelimitoffsetformatsummary -- Lightweight worklog counts for a workspace or share. Requires
profile_typeprofile_idformatFormal approval requests scoped to tasks, storage nodes, worklog entries, or shares. All approval actions require workflow to be enabled on the target entity.
list -- List approval requests for a workspace or share. Requires
profile_typeprofile_idstatuslimitoffsetformatcreate -- Create a new approval request. Requires
profile_typeprofile_identity_typeentity_iddescriptionapprover_iddeadlinenode_iddetails -- Get full details of an approval request including approver list and resolution. Requires
profile_typeprofile_idapproval_idformatresolve -- Resolve an approval request. Requires
profile_typeprofile_idapproval_idresolve_actioncommentbulk-create -- Bulk-create node approvals for every file and note in a share (max 50 nodes). Requires
profile_iddescriptionapprover_iddeadlinebulk-approve -- Bulk-approve all pending approvals in a share. Requires
profile_idcommentbulk-reject -- Bulk-reject all pending approvals in a share. Requires
profile_idcommentfiltered-list -- List approvals filtered by category. Requires
filterprofile_typeprofile_id/user/approvals/list/{filter}assignedprofile_typeprofile_idstatuslimitoffsetformatsummary -- Lightweight approval counts for a workspace or share. Requires
profile_typeprofile_idformatupdate -- Update a pending approval. Requires
profile_typeprofile_idapproval_iddescriptionapprover_iddeadlinenode_idpropertiesdelete -- Permanently delete an approval (any status). Requires
profile_typeprofile_idapproval_idbulk-delete -- Permanently delete all approvals in a share (up to 500). Requires
profile_idSimple flat checklists scoped to workspaces and shares. No nesting. All todo actions require workflow to be enabled on the target entity.
list -- List todos for a workspace or share. Requires
profile_typeprofile_idfilter_donesort_bysort_dirlimitoffsetformatcreate -- Create a new todo item. Requires
profile_typeprofile_idtitleassignee_iddetails -- Get full details of a todo. Requires
todo_idformatupdate -- Update a todo. Requires
todo_idtitleassignee_iddonedelete -- Soft-delete a todo. Requires
todo_idtoggle -- Toggle the done state of a todo. Requires
todo_idbulk-toggle -- Set done state on multiple todos at once. Requires
profile_typeprofile_idtodo_idsdonefiltered-list -- List todos filtered by category. Requires
profile_typeprofile_idfilterlimitoffsetformatsummary -- Lightweight todo counts for a workspace or share. Requires
profile_typeprofile_idformatInteractive MCP App widget discovery and launching. Widgets are interactive HTML5 UIs that render in agent conversations.
list -- List all available MCP App widgets with their metadata (title, description, supported tools, supported actions, resource URI).
details -- Get full metadata for a specific widget. Requires
app_idlaunch -- Launch a widget with workspace or share context. Requires
app_idprofile_typecontext_typeprofile_idcontext_idget-tool-apps -- Find widgets associated with a specific tool domain. Requires
tool_nameWhen connecting from a headless agent (Claude Code, Cursor, Continue, etc.), the server automatically enables Code Mode -- a lightweight alternative to the full 19-tool set. Code Mode exposes 4 tools total:
| Tool | Purpose |
|---|---|
| Authentication (signin, signup, API keys, PKCE, 2FA) |
| File uploads (chunked, text, web-import) |
| Discover API endpoints by keyword, tag, or concept |
| Make authenticated API calls to Fast.io |
Clients with MCP Apps support (Claude Desktop, Cline) continue to receive the full 19-tool set plus 6 app-* widget tools (one per widget in the registry). Unknown clients default to the full tool set.
Query the API spec by keywords, paths, or concepts. Returns matching endpoints with method, path, parameters, and descriptions.
search query="list files in workspace" tag="storage" search query="create share" tag="share" search query="authentication" search query="pagination" include_concepts=true
Parameters:
querytaginclude_conceptsMake authenticated API calls to the Fast.io REST API. Use
searchMethods:
getpostpostJsondeleteputThe auth token is injected automatically. Path parameters must be filled by the caller (replace
{workspace_id}execute method="get" path="/org/1234567890123456789/list/workspaces/"
execute method="post" path="/workspace/1234567890123456789/storage/root/createfolder/" body={"name": "reports"}
execute method="postJson" path="/workspace/1234567890123456789/storage/root/createnote/" body={"name": "summary.md", "content": "# Summary"}
Parameters:
methodpathbodyparamstimeout_msThe execute tool handles three response types automatically:
{ content, content_type, http_status }download://Use
/readnote//read/execute method="get" path="/workspace/{workspace_id}/storage/{node_id}/readnote/"
For reading uploaded files (non-notes), use the
download://resources/read uri="download://workspace/{workspace_id}/{node_id}"
No automatic installation available. Please visit the source repository for installation instructions.
View Installation Instructions
1,500+ AI skills, agents & workflows. Install in 30 seconds. Part of the Torly.ai family.
© 2026 Torly.ai. All rights reserved.