Sharing#
Drive allows collaborators to share files with external parties who do not have an account or access to the space.
Share individual files#
Sharing of individual files is based on share-links — tokenised URLs that grant read-only access without requiring authentication. A share-link references one or more files within a space. The link can be sent to anyone; opening it grants read-only access to exactly the files included in the share-link, nothing else.
Example: https://example.teambeam.de/download/files/znd4b2zslueo57vv
Creating a share-link#
A collaborator with write privilege can create a share-link by selecting one or more files from the space. Directories cannot be shared — only individual files. Trashed files cannot be added to a share-link.
A share-link can be modified after creation: files can be added or removed. If all files are removed (for example, because they were deleted from the space), the share-link is automatically deleted.
Expiration#
A share-link can optionally have an expiration date. After this date, anyone opening the link will receive an error instead of file access. Expired share-links are not automatically deleted; a collaborator can reactivate them by updating or clearing the expiry.
Permissions#
| Action | Required privilege |
|---|---|
| View share-links and see which files are shared | Read |
| Create, modify, or delete share-links | Write |
What guests can access#
A person opening a share-link (the guest) can:
- Download or stream the shared files
- View file metadata (name, size, MIME type)
- View file previews and thumbnails
- Download all shared files as a ZIP archive
- View the space avatar
A guest cannot access the space itself, its collaborator list, events, or any files not included in the share-link. Guests have no write access.
Guest authentication#
Opening a share-link URL issues a short-lived guest token. This token is set as an HttpOnly cookie scoped to the share-link path, so the browser sends it automatically on subsequent requests (file downloads, previews, ZIP). No Authorization header is needed.
The guest token has a limited validity controlled by the server. Clients should monitor the token's exp claim and re-resolve the share-link before expiry to obtain a fresh token.
Public URL#
Each share-link includes a publicUrl — a fully qualified URL pointing to a viewer page for the shared files. This is the URL that collaborators copy and distribute to external recipients.
File metadata#
When a file is referenced by one or more share-links, the file's metadata includes a shareLinkUids array listing the UIDs of those share-links. This allows collaborators to see at a glance which files are currently shared. The field is omitted when the file is not part of any share-link.
Audit trail#
Each share-link tracks who created it (createdBy), when it was created (createdAt), and when it was last accessed by a guest (lastAccessedAt). Creating, modifying, or deleting a share-link generates space events visible to all collaborators.
Lifecycle with file deletion#
When a file is deleted or trashed, it is automatically removed from any share-links that reference it. If this leaves a share-link with no remaining files, the share-link itself is deleted. Similarly, when a space is deleted, all its share-links are removed.