Documentation Index
Fetch the complete documentation index at: https://docs.slideless.ai/llms.txt
Use this file to discover all available pages before exploring further.
For most use cases, the slideless CLI is easier than calling these endpoints directly. The CLI wraps every operation, handles auth, and offers stable JSON output via --json. This reference is for when you can’t (or don’t want to) use the CLI. Base URL
https://europe-west1-slideless-ai.cloudfunctions.net
europe-west1. There is no URL versioning — the base above is the only stable one.
Authentication
Every endpoint (except getSharedPresentation, which is token-based) requires the Authorization header:
Authorization: Bearer cko_your_organization_api_key
| Prefix | Type | When to use |
|---|
cko_ | Organization API key | Almost always |
cka_ | Admin API key | Internal platform tooling only |
{ "success": true, "data": { "...": "endpoint-specific payload" } }
{
"success": false,
"error": {
"code": "unauthenticated",
"message": "Invalid or missing API key."
}
}
error.nextAction (a machine-readable hint) and error.details (extra structured context).
The public viewer endpoint (getSharedPresentation) is the only exception — it returns raw bytes (HTML, image, video, etc.) because it feeds the share iframe directly.
Status codes
| Status | Meaning |
|---|
200 | Success |
206 | Partial content (Range response on getSharedPresentation asset fetches) |
304 | Not Modified (asset matches If-None-Match) |
400 | Bad request — missing or invalid arguments, or hash mismatch on asset upload |
401 | Missing or invalid API key |
403 | Authenticated but not allowed (wrong owner, revoked token, missing scope) |
404 | Resource not found, or generically returned to prevent enumeration |
405 | Wrong HTTP method |
409 | Conflict — push’s expectedBaseVersion lags the server |
410 | Gone — token revoked or share expired |
413 | Payload too large (exceeds plan cap) |
500 | Internal error — retry with backoff |
The three-step upload flow
Creating or updating a presentation uses content-addressed storage across three endpoints:
POST /precheckAssets — hash every local file, ask the backend which hashes it already has.POST /uploadPresentationAsset — multipart upload, once per missing blob. Hash-verified server-side.POST /commitPresentationVersion — send the manifest, backend writes a new immutable version.
Unchanged blobs across versions dedupe automatically — updates transfer only what actually changed.
Endpoint index
Upload flow
| Endpoint | Method | Auth | Purpose |
|---|
/precheckAssets | POST | API key | Which hashes are missing? Mints upload session on new-presentation flow. |
/uploadPresentationAsset | POST | API key | Upload one blob (multipart). Hash-verified. |
/commitPresentationVersion | POST | API key | Commit the manifest. Creates presentation or bumps version. |
Discovery + management
| Endpoint | Method | Auth | Purpose |
|---|
/listMyPresentations | GET | API key | List presentations you can access (owned + shared-with-you), cap 100 |
/getSharedPresentationInfo/{presentationId} | GET | API key | Full metadata + token list for one presentation |
/addPresentationToken | POST | API key | Mint a new named token |
/setTokenVersionMode | POST | API key (owner) | Pin a token to a version or follow latest |
/listPresentationVersions/{presentationId} | GET | API key (owner or dev) | List every version’s summary |
/getPresentationVersion/{presentationId}/{version} | GET | API key (owner or dev) | Get a specific version’s full manifest |
/downloadPresentationAsset | GET | API key (owner or dev) | Authenticated streaming download of a single asset by sha256 |
/unsharePresentation | POST | API key (owner) | Revoke one token or every token on the deck |
/deletePresentation | POST | API key (owner) | Hard delete — Firestore doc, every version, every asset, every collaborator row |
/inviteCollaborator | POST | API key (owner) | Grant dev (edit) access by email |
/uninviteCollaborator | POST | API key (owner) | Revoke a dev collaborator |
/listCollaborators | POST | API key (owner) | Every collaborator row (pending/active/revoked) |
/sharePresentationViaEmail | POST | API key | Email to 1–20 recipients with per-recipient tracked links |
Public viewer
| Endpoint | Method | Auth | Purpose |
|---|
/getSharedPresentation/{presentationId}/_t/{token}/... | GET | Token in URL | Serves entry HTML + assets. Range-request aware for video. |
Auth
| Endpoint | Method | Auth | Purpose |
|---|
/verifyApiKey | POST | API key | Validate a key, return its metadata |
| CLI OTP flow | POST | none | Signup/login via 6-digit email OTP |
Limits
Plan-dependent. See Presentations → Size and file-count caps for the full table. Free tier summary:
| Limit | Value |
|---|
| Single HTML file | 10 MB |
| Single asset blob | 50 MB |
| Total deck size | 250 MB |
| Files per manifest | 500 |
| Precheck hashes per call | 2000 |
| Upload session TTL | 1 hour |
| List response cap | 100 presentations (no cursor pagination) |
| API keys per organization | 20 |
CORS
All HTTP endpoints set cors: true — they accept browser requests from any origin. Authorization and Content-Type are allowed headers.
Idempotency
precheckAssets is idempotent — repeat calls return the same missing set.uploadPresentationAsset is idempotent — if the blob already exists, the call succeeds and returns size: 0.commitPresentationVersion is NOT idempotent — each call bumps currentVersion.
