https://docs.test.geena.eu/user/documents/index.html Documents (private vault) Structured JSON documents stored in the caller’s private vault. Each document is encrypted with a vault-scoped DEK; the vault must be unsealed for all document operations. Queries: list, get, versions Mutations: create, update, delete, validate Hugo en https://docs.test.geena.eu/user/documents/list/index.html Mon, 01 Jan 0001 00:00:00 +0000 https://docs.test.geena.eu/user/documents/list/index.html user.document.list Lists documents in the caller’s private vault (latest version only). Auth Bearer JWT + unsealed vault. Input input DocumentListWhereInput { schemaRef: String # canonical schema URL, see /reference/schemas pagination: PaginationInput } Omit where to return every document. https://docs.test.geena.eu/user/documents/get/index.html Mon, 01 Jan 0001 00:00:00 +0000 https://docs.test.geena.eu/user/documents/get/index.html user.document.get Fetches one document (latest version) including its decrypted JSON content. Auth Bearer JWT + unsealed vault. Arguments Arg Type Description id ID! Document UUID GraphQL query($id: ID!) { user { document { get(id: $id) { metadata { id version schemaRef name audit { updatedAt } } content { data } } } } } Response { "data": { "user": { "document": { "get": { "metadata": { "id": "7b4f...", "version": 3, "schemaRef": "https://schema.identa.io/core/PersonFullName.json", "name": "My name" }, "content": { "data": { "firstName": "Alice", "lastName": "Liddell" } } } } } } } curl curl -X POST https://api.test.geena.eu/graphql \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{ "query": "query($id: ID!) { user { document { get(id: $id) { metadata { id name } content { data } } } } }", "variables": { "id": "7b4f-..." } }' https://docs.test.geena.eu/user/documents/versions/index.html Mon, 01 Jan 0001 00:00:00 +0000 https://docs.test.geena.eu/user/documents/versions/index.html user.document.versions Returns all historical versions of a document (metadata only, newest first). Auth Bearer JWT + unsealed vault. Arguments Arg Type Description id ID! Document UUID GraphQL query($id: ID!) { user { document { versions(id: $id) { id version schemaRef name audit { updatedAt updatedBy } } } } } Response [DocumentMetadata!]!, one entry per version. Use get to read a specific version’s payload by querying the same id at that point in time (the system stores the latest is_latest flag; historical retrieval is planned but not yet exposed). https://docs.test.geena.eu/user/documents/create/index.html Mon, 01 Jan 0001 00:00:00 +0000 https://docs.test.geena.eu/user/documents/create/index.html user.document.create Creates a new document in the caller’s private vault. The data payload is validated against the referenced schema (schemaRef OR embedded documentSchema) before encryption. Auth Bearer JWT + unsealed vault. Input input DocumentInput { name: String! schemaRef: String # either this OR documentSchema — not both documentSchema: JSON # inline JSON Schema (Draft 2020-12) description: String uniquePerVault: Boolean # default false; immutable after creation data: JSON! } Info schemaRef and documentSchema are mutually exclusive. Provide exactly one. If uniquePerVault: true, the database enforces a single document per vault per schema — creating a second one will fail. https://docs.test.geena.eu/user/documents/update/index.html Mon, 01 Jan 0001 00:00:00 +0000 https://docs.test.geena.eu/user/documents/update/index.html user.document.update Replaces the content of an existing document and increments its version. The DEK is shared across versions, so keys are not rotated on update. Auth Bearer JWT + unsealed vault. Arguments Arg Type Description id ID! Document UUID input DocumentInput! Same shape as create See create for the DocumentInput fields. uniquePerVault cannot be changed on update (ignored). https://docs.test.geena.eu/user/documents/delete/index.html Mon, 01 Jan 0001 00:00:00 +0000 https://docs.test.geena.eu/user/documents/delete/index.html user.document.delete Soft-deletes a document. All versions are marked deleted atomically. Auth Bearer JWT + unsealed vault. Arguments Arg Type Description id ID! Document UUID GraphQL mutation($id: ID!) { user { document { delete(id: $id) } } } Returns the deleted document’s id on success. https://docs.test.geena.eu/user/documents/validate/index.html Mon, 01 Jan 0001 00:00:00 +0000 https://docs.test.geena.eu/user/documents/validate/index.html user.document.validate Runs JSON Schema validation against a DocumentInput without creating or mutating anything. Useful for client-side “check before submit” UX when you want the authoritative server-side schema verdict. Auth Bearer JWT. Vault can be sealed — this endpoint does not touch encrypted data.