Work with an unregistered recipient

There are use-cases where a recipient you want to share a file with is not registered in your app.

This also implies that they do not have an identity yet.

To share encrypted files with this recipient, you have to use provisional identities.

Provisional identities

Provisional identities are the temporary counterpart of identities.

They can be created using the identity SDK:

globalConfig := identity.Config {
    AppID: "Your App ID",
    AppSecret: "Your App Secret",

aliceProvisionalIdentity, _ := identity.CreateProvisional(globalConfig, "")

Since the recipient is not one of your app users yet, they can only be identified with an email address.


The email address will be used later on to verify the recipient's identity.

Share with a provisional identity

Just like identities, provisional identities contain sensitive data.

It is possible to retrieve a public identity from a provisional identity:

const aliceEmail = '';
const alicePublicProvisionalIdentity = await serverApi.getPublicIdentity(aliceEmail);

const file = document.getElementById('fileItem').files[0];
const fileId = await fileKit.upload(file, { shareWithUsers: [alicePublicProvisionalIdentity] });

Although you can share files with an unregistered recipient, they must register in your app to access them.

Accessing files shared with a provisional identity

Once the recipient registers in your app and get an identity, they need to access files that were shared with them before the registration.

Upon successful authentication, you should return both the identity and the provisional identity.

Finally, call start() with both identities:

const { identity, provisionalIdentity } = await serverApi.authenticate();
await fileKit.start(email, { identity, provisionalIdentity });

The user has to verify their identity through the 8-digit code sent to their email address.

Work with an unregistered sender

Sometimes, the sender of a file doesn't need an account. In this case, you can create a disposable identity designed to be thrown away once used.

You should generate a unique and immutable identifier and its associated private identity.

Then, call startDisposableSession() instead of start():

const disposableIdentity = await serverApi.getDisposableIdentity();
await fileKit.startDisposableSession({ identity: disposableIdentity });


You need to call startDisposableSession() to skip the verification process, because this identity is discarded at the end of the session.