Sharing API
Manage user-to-user sharing permissions.
First-Party Only
The Sharing API is used by users on app.ofself.ai to manage sharing with other users. Third-party apps cannot call these endpoints - they access user data through the authorization flow and exposure profiles.
Endpoints
POST /sharing
POST Create a user-to-user sharing permission.
curl -X POST "https://api.ofself.ai/api/v1/sharing" \
-H "Authorization: Bearer your-jwt-token" \
-H "Content-Type: application/json" \
-d '{
"shared_with_user_id": "user-uuid",
"scope": "specific_tags",
"tag_ids": ["tag-uuid-1", "tag-uuid-2"],
"can_read": true,
"can_write": false,
"can_delete": false,
"can_share": false,
"expires_at": "2026-12-31T00:00:00Z"
}'
Scopes
all: share everythingspecific_tags: share nodes that have these tags (and their relationships)specific_nodes: share only selected nodesgraph: reserved / optional (implementation-specific)
GET /sharing/outgoing
GET List shares you've granted to other users.
curl -X GET "https://api.ofself.ai/api/v1/sharing/outgoing?limit=20&offset=0" \
-H "Authorization: Bearer your-jwt-token"
GET /sharing/incoming
GET List shares granted to you by other users.
curl -X GET "https://api.ofself.ai/api/v1/sharing/incoming?limit=20&offset=0" \
-H "Authorization: Bearer your-jwt-token"
GET /sharing/:share_id
GET Get share details.
PUT /sharing/:share_id
PUT Update sharing permissions (owner only).
curl -X PUT "https://api.ofself.ai/api/v1/sharing/share_abc" \
-H "Authorization: Bearer your-jwt-token" \
-H "Content-Type: application/json" \
-d '{
"scope": "specific_tags",
"tag_ids": ["tag-uuid-1", "tag-uuid-2"],
"can_read": true,
"can_write": true,
"expires_at": "2027-01-01T00:00:00Z"
}'
Request Body: All fields are optional.
| Field | Type | Description |
|---|---|---|
scope | string | all, specific_tags, specific_nodes, or graph |
tag_ids | array | Required if scope is specific_tags |
node_ids | array | Required if scope is specific_nodes |
can_read | boolean | Read permission |
can_write | boolean | Write permission |
can_delete | boolean | Delete permission |
can_share | boolean | Re-share permission |
expires_at | datetime | Expiration (ISO 8601) |
DELETE /sharing/:share_id
DELETE Revoke a share.
curl -X DELETE "https://api.ofself.ai/api/v1/sharing/share_abc" \
-H "Authorization: Bearer your-jwt-token"
Related: Following
Following is built on sharing permissions:
- Accepting a follow request creates a read-only sharing permission.
- Public profiles auto-create read-only sharing on follow.
See Follows API.