File Uploads & Downloads¶

Ag2Trust supports file uploads via the Customer API and provides signed download URLs for agent-generated files and knowledge document citations.

Overview¶

Uploading Knowledge Documents¶

Upload documents to your knowledge base for agents to reference. See the Knowledge Base guide for full details.

Via Customer API¶

curl -X POST https://api.ag2trust.com/api/v1/knowledge/documents \
  -H "X-API-Key: cust_your_api_key" \
  -F "file=@product-manual.pdf" \
  -F "name=Product Manual"

Response:

{
  "id": 123,
  "name": "Product Manual",
  "original_filename": "product-manual.pdf",
  "mime_type": "application/pdf",
  "file_size_bytes": 2048576,
  "status": "pending",
  "created_at": "2025-01-15T10:00:00Z"
}

Supported Formats¶

Checking Document Status¶

curl https://api.ag2trust.com/api/v1/knowledge/documents/123 \
  -H "X-API-Key: cust_your_api_key"

Documents progress through: pending → processing → ready (or failed).

Citation Downloads¶

When an agent cites a knowledge document in its response, the pool endpoint includes a citations array with signed download URLs:

{
  "content": "According to the product manual [source:1], the feature supports...",
  "citations": [
    {
      "source_id": "source:1",
      "document_name": "Product Manual",
      "download_url": "https://api.ag2trust.com/api/v1/knowledge/documents/123/download?thread_id=thread_abc&token=eyJ..."
    }
  ]
}

Downloading a Cited Document¶

The download_url is self-contained — no API key required:

curl -o product-manual.pdf \
  "https://api.ag2trust.com/api/v1/knowledge/documents/123/download?thread_id=thread_abc&token=eyJ..."

Agent File Downloads¶

When an agent generates a file (e.g., a report, export, or analysis), the pool endpoint includes a files array:

{
  "content": "I've generated the report [file:1]. You can download it below.",
  "files": [
    {
      "ref_id": "file:1",
      "filename": "quarterly-report.pdf",
      "link_text": "Download Report",
      "download_url": "https://api.ag2trust.com/api/v1/uploads/456/download?thread_id=thread_abc&token=eyJ..."
    }
  ]
}

Downloading an Agent File¶

curl -o quarterly-report.pdf \
  "https://api.ag2trust.com/api/v1/uploads/456/download?thread_id=thread_abc&token=eyJ..."

Security Model¶

Both download endpoints use signed tokens instead of API key authentication:

• Tokens are HMAC-signed with a server secret
• thread_id is embedded in and enforced by the token
• Tokens cannot be reused across threads
• No API key is needed — the signed URL is self-authenticating

This allows you to safely pass download URLs to end users without exposing your API key.

API Reference¶

Knowledge Documents¶

Agent File Downloads¶

Account Usage¶

Best Practices¶

1. Check document status after upload — Documents need processing before they're available to agents
2. Cache download URLs sparingly — Tokens have limited lifetimes; generate fresh responses for new downloads
3. Monitor account usage — Knowledge documents consume tokens against your tier limit
4. Use end_user_id — Pass ?end_user_id= query parameter on document operations to scope visibility

Next Steps¶

• Knowledge Base — Full knowledge base management
• Connectors — Import documents from Google Drive and SharePoint
• Pool Endpoint — Response format with citations and files