Resolve a file_id to metadata + presigned download URL.
Returns the filename / content-type / size of a previously uploaded file along with a presigned GET URL (TTL set by the storage backend, typically 24h on S3). Agents receive the same URL when the file is attached to an invoke / task envelope; this endpoint exists so callers can fetch their own uploads back without going through an agent.
Authorizations
Pass a user JWT or a oag_ User API Key on the
Authorization: Bearer <token> header. Both are validated by
openapi-gateway against the Auth service.
Both credential types are user-scoped: every key (and every JWT) is bound to exactly one owner, and every route grants the caller full access to that owner's own resources. Cross-tenant access is denied by owner-ACL inside the handlers — there is no per-route scope vocabulary on this API.
Removed in v1.1.0: the legacy
agents:*/tasks:*/files:*/instances:*scope set has been dropped together with the403 insufficient_scopeerror. Existingoag_keys automatically gain full owner-level access and do not need to be re-issued. SDK calls that previously passedscopestocreateAPIKeyshould drop the argument. See the changelog at the bottom of this spec for the full migration note.
Path Parameters
128