Media and files API

8 endpoints (6 media + 2 room-files).

Media#

POST /v1/media/upload#

1
2
3
4

curl -X POST "$BASE/v1/media/upload" \
  -H "Authorization: Bearer $TOKEN" \
  -F "file=@./photo.jpg" \
  -F "tenant_scope=true"

Returns:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

{
  "data": {
    "media_id": "med-…",
    "sha256": "abc123…",
    "size": 184234,
    "mime_type": "image/jpeg",
    "thumbnail_id": "med-thumb-…",
    "width": 1920,
    "height": 1080,
    "scan_status": "clean"
  }
}

scan_status is pending immediately, becomes clean or infected once ClamAV has scanned. Infected files are auto-deleted; references to them 404.

POST /v1/transcribe#

1
2
3
4

curl -X POST "$BASE/v1/transcribe" \
  -H "Authorization: Bearer $TOKEN" \
  -F "file=@./meeting.m4a" \
  -F "language=en"

Async — returns immediately with a job_id:

1

{ "data": { "job_id": "job-…", "status": "queued" } }

Poll GET /v1/jobs/{job_id} (under Queue and scheduled tasks) for completion. The result includes:

1
2
3
4
5
6
7
8

{
  "data": {
    "transcript": "Full text…",
    "segments": [{ "start": 0, "end": 3.2, "text": "Hello" }, …],
    "language": "en",
    "duration": 312.4
  }
}

Room file index#

Files uploaded into a room are tracked in a per-room index so the client can show a "Files" tab.

Storage#

All media goes to MinIO/S3 via the path tenant/{tenant_id}/{sha256}. Content-addressable: uploading the same file twice (same sha256) dedupes server-side.

Quotas#

Per-tenant max_storage_mb. Hit returns 413.

Signed URLs#

For clients that can't include auth headers (image tags, embedded players), use /v1/media/signed/{media_id} to get a URL valid for the next 5 minutes:

{
  "data": {
    "url": "https://...minio.../tenant/.../sha256?X-Amz-...",
    "expires_at": "2026-05-17T14:05:00Z"
  }
}