In order to use X.IO's Cloud Storage Bridge, you will need to expose a JSON document over HTTPS. This document will instruct the system which storage providers to mount inside the users session.

When the session starts, the service will attempt to access the URL specified in file_provider_url. Once it receives a valid response, it will mount the requested providers. If a permission error occurs with a provider, or a key expires, the service will query the URL again to check for new credentials, which it will use if found.

The overall structure of the JSON is as follows:

update_urlstringnew URL to use for future file provider JSON documents
file_providersarrayarray of objects which describe the file providers to mount

A file provider object is required to contain the following attributes:

idstringunique ID which refers to a given provider and account, should not change for the length of the session
labelstringfriendly label to display in the session, defaults to name of provider
provider_typestringone of dropbox, google_drive, one_drive, box or webdav
expires_inintegeroptional - number of seconds in which the credentials will expire, null if no expiration

Dropbox, Google Drive, OneDrive and Box

OAuth-based providers require submitting an additional string attribute called access_token which contains the access token received from the service provider's API.

If the provider uses refresh tokens, it is your responsibility to ensure the access token is kept up-to-date and available to the X.IO service for the lifetime of the session.


WebDAV providers require an additional string attributed called url which contains the full URL to the WebDAV endpoint the user will be accessing. If credentials are required, they should be specified in the URL.