This document describes how to manage and use shared links to access certain folders and files in Oracle WebCenter Content.
Overview
WebCenter Content (on Marketplace) supports shared links feature via a new component called SharedLinks. There are two types of shared links:
Public Link: It allows guest users (aka anonymous users) to access certain folders and files in WebCenter Content that are shared via public links without the need to have a WebCenter Content account or the need to log in.
Applink: It allows custom applications to grant time limited access to folders and files when integrating with WebCenter Content.
Note: Both public links and applinks are not supported on systems where Records Management is enabled.
Manage Public Links
A public link is created either for a folder or for a file. A public link should have an expiration date and be protected by an access code. There are REST APIs to perform the following management operations:
Create a public link for a folder under an enterprise library or under the user’s home folder. The user must have RW permission on a folder in order to create a public link on the folder.
- Note: Public links are not supported for: folder shortcuts, query folders, retention query folders, folders in trash, and root folder.
- User must have RWD permission on a folder in order to create a public link with RWD privilege on the folder.
Create a public link for a file under an enterprise library folder or under the user’s home folder. The user must have RW permission on a file in order to create a public link on the file.
- Note: Public links are not supported for: file shortcuts, files in trash, and files with expired content.
- User must have RWD permission on a file in order to create a public link with RWD privilege on the file.
Read link information of a public link. The user should have R permission on the linked folder or file.
Edit a public link. The user should have RW permission on the linked folder or file.
- Note: To update a public link’s privilege to RWD, user should have RWD permission on the linked folder or file.
Delete a public link. The user should have RWD permission on the linked folder or file.
List public links for a folder. The user should have R permission on the folder.
List public links for a file. The user should have R permission on the file.
About Lifecycle of Public Links
When a folder or a file is moved to Trash, its public links are not deleted. A folder/file in trash is not accessible via its public links.
When a folder or a file is restored from Trash, it becomes accessible via its public links again.
When a folder or a file is permanently deleted, its public links are deleted automatically.
- For a folder that is permanently deleted, the public links associated with its descendant folders and files are also deleted automatically.
When a file is unfoldered (being removed from the folder hierarchy), its public links are deleted automatically.
Use Public Links
A public link with R privilege on a file can be used to view that file’s metadata information and to view or download its renditions (system generated or custom uploaded) and attachments.
A public link with R privilege on a folder can be used to view that folder’s metadata information and to browse through its folder hierarchy. That public link can also be applied to all the descendant folders and files.
A public link with RW privilege on a folder, in addition to above read operations, can be used to create sub folders and upload new files or new revisions of existing files under that folder.
A public link with RWD privilege on a folder, in addition to above read, create, and upload operations, can be used to permanently delete any descendant folder or file under that folder.
Note: An anonymous user with a RWD public link cannot perform delete/move to trash operation.
How to Access a Folder or a File via a Public Link Using WebCenter Content REST API?
When calling WebCenter Content REST API to access a folder or a file via a public link, you need to pass this query parameter: dLinkID={linkId}. If the public link has an access code, you can pass the access code either as a query parameter (dAccessCode={accessCode}) or as a Cookie header (with name dAccessCode-{linkID} or dAccessCode).
Examples
Example 1
Get document information for a file with dDocName ABContent012345 via a public link with ID LF7F0ADC33DA869AF8890EF876ABC0755573CE05CA48 and access code Xsdfwgr2h:
GET https://{host}:{port}/documents/wcc/api/v1.1/files/ABContent012345?dLinkID=LF7F0ADC33DA869AF8890EF876ABC0755573CE05CA48&dAccessCode=Xsdfwgr2h
Example 2
Browse a folder with ID F08E631C39EC3839268C6D87A307721D via a public link with ID LFA54057E782BFE2FD2AAAC8FAC8DC5620B02D4F64B2 and access code 7frnveyg9rone:
GET https://{host}:{port}/documents/wcc/api/v1.1/folders/F08E631C39EC3839268C6D87A307721D?dLinkID=LFA54057E782BFE2FD2AAAC8FAC8DC5620B02D4F64B2&dAccessCode=7frnveyg9rone
Example 3
Create a sub folder SubFolder1 in security group Secure under a folder with ID 76A08AFFFFE797345C6DD64BC30AEAF6 with a RW public link ID LF9E16DE60F25AB6E4356E0D1B361AABC6E219366459 and access code dery3f4fyer:
POST https://{host}:{port}/documents/wcc/api/v1.1/folders?fParentGUID=76A08AFFFFE797345C6DD64BC30AEAF6&fFolderName=SubFolder1&fSecurityGroup=Secure&dLinkID=LF9E16DE60F25AB6E4356E0D1B361AABC6E219366459&dAccessCode=dery3f4fyer
Example 4
Upload a file red_icon.png in security group Secure under the same folder (and use the same RW public link as in Example 3):
POST https://{host}:{port}/documents/wcc/api/v1.1/files/data?dLinkID=LF9E16DE60F25AB6E4356E0D1B361AABC6E219366459&dAccessCode=dery3f4fyer with a multi-part form that contains
primaryFilepointing to the localred_icon.pngfile.metadataValueswith Json content like{ "dDocTitle": "red icon", "dDocType": "Document", "dSecurityGroup": "Secure", "fParentGUID": "76A08AFFFFE797345C6DD64BC30AEAF6" }
Manage Applinks
An applink is created for a folder or a file on behalf of a custom application. An applink contains three elements:
- ID: Required when accessing a file or a folder.
- Access Token: Required when accessing a file or a folder. It expires in 15 minutes by default. Once it expires, a new access token should be acquired via the refresh token.
- Refresh Token: Required when generating a new access token. It expires in 24 hours by default. Once it expires, the applink can no longer be used. A new applink should be obtained.
There are REST APIs to perform the following operations:
Create an applink for a folder.
- Note: Applinks are not supported for: root folder, enterprise libraries, folder shortcuts, query folders, retention query folders, and folders in trash.
- User must have at least the same privilege on the folder in order to create an applink with that privilege.
Create an applink for a file.
- Note: Applinks are not supported for: file shortcuts, files in trash, and files with expired content.
- User must have at least the same privilege on the file in order to create an applink with that privilege.
Refresh an applink’s access token.
- Any user (authenticated or anonymous) can run this operation.
Use Applinks
An applink can have these privilege options: R, RW, RWD, and RWDA. Custom applications can use applinks to access linked files and folders based on applink’s privileges.
An applink with R privilege on a file can be used to view that file’s metadata information and to view or download its renditions (system generated or custom uploaded) and attachments.
An applink with R privilege on a folder can be used to view that folder’s metadata information and to browse through its folder hierarchy. That applink can also be applied to all the descendant folders and files.
An applink with RW privilege on a folder, in addition to above read operations, can be used to create sub folders and upload new files or new revisions of existing files under that folder. It can also be used to update metadata of the linked folder or any nested folder or file under the linked folder.
Note: To update security fields (like author, security group, account, or ACLs) of a folder or a file, it requires an applink with RWDA privilege.
An applink with RWD privilege on a folder, in addition to above read, create, upload, and update operations, can be used to permanently delete any descendant folder or file under that folder.
Note: An RWD applink does not support delete/move to trash operation.
An applink with RWDA privilege on a folder, in addition to above CRUD operations, can be used to update security fields on folder/file, and propagate folder metadata.
How to Access a Folder or a File via an Applink Using WebCenter Content REST API?
When calling WebCenter Content REST API to access a folder or a file via an applink, you need to pass this query parameter dAppLinkID={applink ID}. You can either pass the applink access token via this query parameter dAppLinkAccessToken={access token}, or via this http request header HTTP_X_APPLINK_ACCESS_TOKEN.
Examples
Example 1
Get document information for a file with dDocName WCContent012345 via an applink with ID LDSr62PSCOJgKp9n-ipgz35vKhGfhcja2aKTBj38QH2CEl4wFUM8T2v3zeJL31G6u5BTTbQUcsjnZIl-W-09wv_g== and access token S2CT1oZqqocEgxl-3R-Vc3_MsYS0xD21hVwraJ8MEqrLURb_Gh5ZGVNkGb816v9N:
GET https://{host}:{port}/documents/wcc/api/v1.1/files/WCContent012345?dAppLinkID=LDSr62PSCOJgKp9n-ipgz35vKhGfhcja2aKTBj38QH2CEl4wFUM8T2v3zeJL31G6u5BTTbQUcsjnZIl-W-09wv_g==&dAppLinkAccessToken=S2CT1oZqqocEgxl-3R-Vc3_MsYS0xD21hVwraJ8MEqrLURb_Gh5ZGVNkGb816v9N
Example 2
Browse a folder with ID 2290B1F709557ED1FAE557E51C4C7EA8 via an applink with ID LF8GlWy9l36I1V48n7iXZPDNUbK75xxygcS298ppn6YLptZy59P01e9KRLiE64tfNXH-ik4CH2c9HeFveF7qxAuQ== and access token CaqytKjXk5B86jTAcKX6nveZLB7P12AaDbsHQIonhIxUrJvcnE5Wgz4ZiJN0DGaqfpn8lyvkLfUMeZXHIbzufw==:
GET https://{host}:{port}/documents/wcc/api/v1.1/folders/2290B1F709557ED1FAE557E51C4C7EA8?dAppLinkID=LF8GlWy9l36I1V48n7iXZPDNUbK75xxygcS298ppn6YLptZy59P01e9KRLiE64tfNXH-ik4CH2c9HeFveF7qxAuQ==&dAppLinkAccessToken=CaqytKjXk5B86jTAcKX6nveZLB7P12AaDbsHQIonhIxUrJvcnE5Wgz4ZiJN0DGaqfpn8lyvkLfUMeZXHIbzufw==
Example 3
Update document metadata (xComments field) for a file with dDocName WCContent092800, an RW applink with ID LFLA84KEkLZq-t5Tnw95QH5mg_GsbRTy6m7WIUpXhf_iOYjUdgghwUEqGhPzCjifygPD0tACI3rlfc45FWq1FPzA== and access token uZsov0qXg94ZpPgHP_VymqTL-Ci2ZttHrqqrtBeyZyMtrXLk4xE6Di8mIZXdCFqRcZ9W40p0iC0fnn5cdMfOcA==:
PUT https://{host}:{port}/documents/wcc/api/v1.1/files/WCContent092800?dAppLinkID=LFLA84KEkLZq-t5Tnw95QH5mg_GsbRTy6m7WIUpXhf_iOYjUdgghwUEqGhPzCjifygPD0tACI3rlfc45FWq1FPzA==&dAppLinkAccessToken=uZsov0qXg94ZpPgHP_VymqTL-Ci2ZttHrqqrtBeyZyMtrXLk4xE6Di8mIZXdCFqRcZ9W40p0iC0fnn5cdMfOcA== with a multi-part form that contains metadataValues with Json content like { “xComments”: “updated comments” }
About Component Configuration
The SharedLinks component provides the following configurations:
| Name | Description | Default | Max |
|---|---|---|---|
| PublicLinkAccessCodeRequired | Whether public link access code is required | false | N/A |
| PublicLinkDefaultExpirationDateInDays | Default public link expiration date in days | 30 | N/A |
| PublicLinkMaxExpirationDateInDays | Maximum public link expiration date in days | 180 | N/A |
| PublicLinkPerItemLimit | Maximum number of public links allowed per folder/file | 25 | 100 |
| PublicLinkMaxUploadSizeInMB | Maximum file size (in MB) allowed to upload via public link | 100 | 250 |
| AppLinkAccessTokenExpDateInMinutes | Applink access token expiration date in minutes | 15 | 90 |
| AppLinkRefreshTokenExpDateInHours | Applink refresh token expiration date in hours | 24 | 96 |
Managing and Using Shared Links in Oracle WebCenter Content
G12273-06
Last updated: February 2025
Copyright © 2025, Oracle and/or its affiliates.
Primary Author: Oracle Corporation