Public Files API

Introduction

The public-files API allows access to public links via WebDAV.

Request Path Method Content Type

remote.php/dav/public-files/<share_token>

PROPFIND

text/xml

Request Parameters

Attribute Type Description

SHARE_TOKEN

string

The share token for the public link.

Code Example

  • Curl

  • PHP

#!/usr/bin/env bash

##
## Variable Declaration
##
API_PATH="/remote.php/dav/public-files/<share_token>"
SERVER_URI="https://owncloud.install.com/owncloud"
REQUEST_BODY=$(cat <<EOF
<?xml version="1.0"?>
<d:propfind xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns">
    <d:prop>
        <oc:public-link-item-type />
        <oc:public-link-item-permission />
        <oc:public-link-item-expiration />
        <oc:public-link-item-share-datetime />
        <oc:public-link-item-owner />
    </d:prop>
</d:propfind>
EOF
)

curl "'$SERVER_URI/$API_PATH" \
    -H 'Content-Type: application/xml; charset=UTF-8' \
    -H 'Depth: 1' \
    -X PROPFIND \
    --data-binary "${REQUEST_BODY}"
<?php

use GuzzleHttp\Client;

require_once('vendor/autoload.php');

// Configure the basic client
$client = new Client([
    'base_uri' => 'https://owncloud.install.com/owncloud/remote.php/dav/',
]);

$share_token = '<share_token>';

try {
    $response = $client->request('PROPFIND', "public-files/${share_token}", [
        'headers' => [
            'Content-Type'=> 'text/xml',
        ],
    ]);
    print $response->getBody()->getContents();
} catch (\GuzzleHttp\Exception\ClientException $e) {
    print $e->getMessage();
}
No user and password is required, by default. In case the public link is protected with a password, use public for the username and the share link password for the password.
The curl example uses xml_pp to pretty print the result.

Returns

Example Response

If the public link is available, then output similar to the following will be displayed.

<?xml version="1.0"?>
<d:multistatus xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns" xmlns:s="http://sabredav.org/ns">
  <d:response>
    <d:href>/remote.php/dav/public-files/GbgdLgcoqYv8RF5/</d:href>
    <d:propstat>
      <d:prop>
        <d:resourcetype>
          <d:collection/>
        </d:resourcetype>
      </d:prop>
      <d:status>HTTP/1.1 200 OK</d:status>
    </d:propstat>
  </d:response>
  <d:response>
    <d:href>/remote.php/dav/public-files/GbgdLgcoqYv8RF5/welcome.txt</d:href>
    <d:propstat>
      <d:prop>
        <d:getlastmodified>Mon, 30 Sep 2019 12:13:02 GMT</d:getlastmodified>
        <d:getcontentlength>0</d:getcontentlength>
        <d:resourcetype/>
        <d:getetag>&quot;a28785e285ce0de0738676814705c4e1&quot;</d:getetag>
        <d:getcontenttype>text/plain</d:getcontenttype>
      </d:prop>
      <d:status>HTTP/1.1 200 OK</d:status>
    </d:propstat>
    <d:propstat>
      <d:prop>
        <d:quota-used-bytes/>
        <d:quota-available-bytes/>
      </d:prop>
      <d:status>HTTP/1.1 404 Not Found</d:status>
    </d:propstat>
  </d:response>
</d:multistatus>

If the share token is missing or invalid, then you will see output similar to the following:

<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
  <s:exception>Sabre\DAV\Exception\MethodNotAllowed</s:exception>
  <s:message>Listing members of this collection is disabled</s:message>
</d:error>

If the user does not have read privileges on the public link, then they will see output similar to the following:

<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
  <s:exception>Sabre\DAV\Exception\MethodNotAllowed</s:exception>
  <s:message>Listing members of this collection is disabled</s:message>
</d:error>