Drive Access API
Read, search, upload, and manage Google Drive files — including Google Docs and Sheets content — through PortEden Access Tokens. All endpoints use Bearer token authentication and a three-layer security model.
Base URL
https://cliv1b.porteden.com/api/access/drive
Rate Limits
60 req/min · 300 req/hr per IP
Quick Reference
| Endpoint | Method | Operation | Description |
|---|---|---|---|
| /files | GET | list_files / search_files | Search and list files |
| /files/{fileId} | GET | get_file_metadata | Get file metadata |
| /files/{fileId}/download | GET | download_file | Get file links (view, download, export) |
| /files/{fileId}/permissions | GET | get_file_metadata | Get sharing permissions |
| /files/upload | POST | upload_file | Upload a new file |
| /folders | POST | create_folder | Create a new folder |
| /files/{fileId}/rename | PATCH | rename_file | Rename a file/folder |
| /files/{fileId}/move | PATCH | move_file | Move to another folder |
| /files/{fileId} | DELETE | delete_file | Move file to trash |
| /files/{fileId}/share | POST | share_file | Share with user/group/domain |
| /docs/{fileId}/content | GET | read_doc_content | Read Google Doc content |
| /docs/{fileId}/edit | POST | edit_doc_content | Edit Google Doc text |
| /sheets/{fileId} | GET | read_sheet_data | Get spreadsheet metadata |
| /sheets/{fileId}/values | GET | read_sheet_data | Read cell values from a range |
| /sheets/{fileId}/values | PUT | write_sheet_data | Write cell values to a range |
| /sheets/{fileId}/values:append | POST | write_sheet_data | Append rows after last data |
Authentication
All endpoints require a PortEden Access Token via Bearer authentication:
Authorization: Bearer pe_k1_abc123def456... The token must have:
driveAccessEnabled: true- At least one connected Google Drive provider with drive scopes
- The relevant operation flag enabled in
allowedDriveOperations
Provider Requirement
The platform-managed Google client does not request drive permissions. Users must configure a Custom OAuth app and re-authenticate to grant drive access. See Google OAuth Setup.
Access Control Model
Drive access uses a three-layer security model. The token must pass all layers for each request.
Layer 1: Operation Permissions
Each token has an allowedDriveOperations bitflag that controls which API operations it can perform.
Individual Operations
| Operation | Description |
|---|---|
| list_files | List files in a folder |
| search_files | Free-text search across files |
| get_file_metadata | Get a single file's metadata |
| download_file | Get file links (view, download, export URLs — no binary streaming) |
| upload_file | Upload a new file |
| create_folder | Create a new folder |
| rename_file | Rename a file or folder |
| move_file | Move a file to a different folder |
| delete_file | Move a file to trash |
| share_file | Share a file with users/groups |
| update_permissions | Update sharing permissions |
| read_doc_content | Read text/structured content of Google Docs |
| edit_doc_content | Insert, replace, or append text in Google Docs |
| read_sheet_data | Read cell values and metadata from Google Sheets |
| write_sheet_data | Write/update/append cell values in Google Sheets |
| edit_sheet_structure | Add/remove sheet tabs, formatting, merge cells |
Shorthand Flags
| Shorthand | Includes |
|---|---|
| read_only | list_files + search_files + get_file_metadata + download_file |
| docs_read_only | read_doc_content |
| docs_all | read_doc_content + edit_doc_content |
| sheets_read_only | read_sheet_data |
| sheets_all | read_sheet_data + write_sheet_data + edit_sheet_structure |
| workspace_all | docs_all + sheets_all |
| all | All operations |
Note
Default permission is
read_only. Update permissions at Token Permissions.Layer 2: Drive Rules (File-Level Firewall)
Drive rules determine which specific files the token can access. Rules are evaluated per-file against the file's properties.
Default Policy (driveAllowAll)
| driveAllowAll | When No Rules Exist | When Rules Exist |
|---|---|---|
| false (default) | All files blocked | Only files matching allow rules are accessible |
| true | All files accessible | Files matching block rules are hidden/denied |
Rule Types
| Rule Type | Description | Pattern Example |
|---|---|---|
| file_id | Match a specific file by provider-prefixed ID | google:1BxiMVs0XRA5nkz... |
| mime_type | Match files by MIME type (supports /* wildcards) | application/pdf or image/* |
| folder | Match all files inside a specific folder | google:0B7_abc123... |
Rule Actions
| Action | Description |
|---|---|
| allow | Permit access to matching files |
| block | Deny access to matching files (always overrides allow rules) |
Evaluation Order
- If no rules exist at all, the
driveAllowAlldefault applies - Each rule is checked against the file (case-insensitive exact match or wildcard for mime_type)
- If any block rule matches → file is blocked (block always wins)
- If any allow rule matches → file is allowed
- If no rule matches → falls back to
driveAllowAlldefault
Example: Allow Everything Except Sensitive Content
{ "driveAllowAll": true, "rules": [ { "ruleType": "folder", "pattern": "google:0B7_HR_CONFIDENTIAL", "action": "block" }, { "ruleType": "mime_type", "pattern": "application/vnd.google-apps.spreadsheet", "action": "block" } ] } Result: All files accessible except those in the HR folder and all spreadsheets.
Endpoint Sections
HTTP Status Codes
| Status | Meaning |
|---|---|
| 200 | Success |
| 204 | Success (no content — used by DELETE) |
| 400 | Invalid request (missing fields, bad range format) |
| 401 | Invalid or missing access token |
| 403 | Operation not allowed or file access restricted |
| 404 | File not found, no matching provider, or access restricted |
| 422 | Drive not enabled on token, or no drive provider connected |
| 429 | Rate limit exceeded |
| 500 | Provider error communicating with Google Drive |
Drive Error Codes
| Error Code | HTTP | Description |
|---|---|---|
| DRIVE_NOT_ENABLED | 422 | Token doesn't have driveAccessEnabled: true |
| NO_DRIVE_PROVIDER | 422 | No Google account connected with drive scopes |
| OPERATION_NOT_ALLOWED | 403 | Token's allowedDriveOperations doesn't include this operation |
| ACCESS_RESTRICTED | 403/404 | File access restricted by drive rules or owner filtering |
| NO_CONNECTION | 403 | No drive-capable connection found for this operation |
| NO_ADAPTER | 403 | No adapter found for the connection type — contact support |
| NOT_FOUND | 404 | File not found or no matching provider connection |
| PERMISSION_DENIED | 403/404 | Connected Google account lacks access to this file |
| READONLY_SCOPE | 403 | Connected Google account has read-only Drive scope and cannot write |
| INVALID_REQUEST | 400 | Missing required fields, invalid operation type, or exceeds limits |
| INVALID_RANGE | 400 | Malformed Sheets range parameter |
| PROVIDER_ERROR | 500 | Unexpected error communicating with Google Drive |
Supported Providers
| Provider | File ID Prefix | Requirements |
|---|---|---|
| Google Drive | google: | Custom OAuth app with drive scope |
Scope Requirements for Docs & Sheets
Read operations (doc content, sheet values, metadata) work with
Write operations (edit doc, write/append sheet values) require
No additional Docs-specific or Sheets-specific OAuth scopes are needed.
drive.readonly, drive, or drive.file scopes.Write operations (edit doc, write/append sheet values) require
drive or drive.file scope — drive.readonly connections return a READONLY_SCOPE error.No additional Docs-specific or Sheets-specific OAuth scopes are needed.