File Upload
The English user guide is currently in beta preview. Most of the documents have been automatically translated from the Japanese version. Should you find any inaccuracies, please reach out to Flatt Security.
Workflows that take source code or files as input—such as whitebox assessment—require uploading the target files to Takumi API beforehand.
To check whether a specific workflow requires file input, refer to the request schema for its dispatch endpoint (/o/{org_id}/workflows/{workflow_id}/dispatch) in the OpenAPI documentation.
This page explains how file upload works and related constraints.
Upload Flow
Uploading a file is a three-step process:
- Get an upload URL: Call
/o/{org_id}/input-files/get-upload-urlwith the file size to obtain afile_idand a temporaryupload_url - Upload the file: Upload the file to the
upload_urlvia HTTP PUT (noAuthorizationheader required) - Confirm the upload: Call
/o/{org_id}/input-files/confirm-uploadto finalize the upload. The file cannot be referenced as workflow input until this step is complete
# 1. Get an upload URL
curl -s -H "Authorization: Bearer $ACCESS_TOKEN" \
https://api.cloud.shisho.dev/v1/o/$org_id/input-files/get-upload-url \
--json '{"content_length": 123456}'
# 2. Upload the file
curl -s -X PUT "<upload_url>" --upload-file ./your-project.zip
# 3. Confirm the upload
curl -s -H "Authorization: Bearer $ACCESS_TOKEN" \
https://api.cloud.shisho.dev/v1/o/$org_id/input-files/confirm-upload \
--json '{"file_id": "TIF..."}'
If you decide not to complete the upload, call /o/{org_id}/input-files/cancel-upload to cancel it. This ensures the cancellation is correctly reflected in your storage usage.
File Retention Period
Uploaded files are automatically deleted after a 30-day retention period. If you need the file beyond this period, upload it again.
Storage Capacity Limit
There is a storage capacity limit for uploaded files. You can free up space by deleting files you no longer need using the /o/{org_id}/input-files/delete endpoint.