Before uploading and downloading files, you first have to start a FileKit session.

Start a user session

You need the user's email address, and their identity:

const email = '';
const identity = '???';

await fileKit.start(email, { identity });

This snippet should raise a few questions: What are identities? Why are they needed? How to create one?


What are identities?

Identities are used by FileKit to identify your app users. They are represented as encoded strings.

Since FileKit is an end-to-end encryption service, it must ensure that its users are uniquely identified. This is why identities are required to start a session.

How to create an identity?

Creating an identity requires:

  1. The app ID
  2. The app secret (that you saved after creating your app)
  3. A unique and immutable identifier for the user


If you already have such identifiers in your project, it is advised to reuse them here.

Only your app server should have access to the app secret. Thus, it is its responsibility to create, store, and distribute identities to your users.

To help you in this task, Tanker provides an identity SDK in the following languages:

This guide will use the Go language for server code snippets.


Installation and usage guides can be found in the packages' READMEs. If your language is not supported yet, please contact us at

You can now create identities for your users:

import (

globalConfig := identity.Config {
    AppID: "Your App ID",
    AppSecret: "Your App Secret",

aliceIdentity, _ := identity.Create(globalConfig, "aliceID")

Manage identities on your server

Since an identity is required to start a FileKit session, identity management will de facto become a part of your authentication process.

Upon successful authentication, users should get their identity from the server in order to start a session.

Identities are meant to be created only once, which means you must always send the same identity to a user upon successful authentication.

This implies storing them in your database after creation, to be able to serve them in future calls.


An identity contains sensitive data, it must only be served to its associated user.

Authenticate and start a user session

Now, authenticate the user and start the session:

const email = '';
const identity = await serverApi.authenticate();

await fileKit.start(email, { identity });

A modal dialog appears, asking the user to verify their identity.

Verify the user's identity

FileKit must ensure a user is really who they claim to be.

To verify the identity of a user, an email is sent by Tanker to their email address. This email contains an 8-digit verification code that must be input in the UI displayed by FileKit.


This mechanism is triggered once, unless the user changes browser, or enables private navigation.

Stop the session

When the user logs out, do not forget to stop the session:

await fileKit.stop();

The next section will cover file uploading and downloading.