For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Create and subscribe to a webhook. You can use webhooks to receive notifications about your uploads. For instance, once a file gets uploaded to your project, we can notify you by sending a message to a target URL.
Authentication
Authorizationstring
Every request made to `https://api.uploadcare.com/` MUST be signed. HTTPS SHOULD be used with any authorization scheme.
Requests MUST contain the `Authorization` header defining `auth-scheme` and `auth-param`: `Authorization: auth-scheme auth-param`.
Every request MUST contain the `Accept` header identifying the REST API version: `Accept: application/vnd.uploadcare-v0.7+json`.
There are two available authorization schemes:
* For production: `Uploadcare`, a scheme where a `signature`, not your Secret API Key MUST be specified. Signatures SHOULD be generated on backend.
* For quick tests: `Uploadcare.Simple`, a simple scheme where your [Secret API Key](https://app.uploadcare.com/projects/-/api-keys/) MUST be specified in every request's `auth-param`.
Optional [HMAC/SHA-256](https://en.wikipedia.org/wiki/HMAC) secret that, if set, will be used to
calculate signatures for the webhook payloads sent to the `target_url`.
Calculated signature will be sent to the `target_url` as a value of the `X-Uc-Signature` HTTP
header. The header will have the following format: `X-Uc-Signature: v1=<HMAC-SHA256-HEX-DIGEST>`.
See [Secure Webhooks](https://uploadcare.com/docs/webhooks/#signed-webhooks) for details.
versionenumOptionalDefaults to 0.7
Webhook payload's version.
Allowed values:
Response
Webhook successfully created.
idinteger
Webhook's ID.
projectinteger
Project ID the webhook belongs to.
createddatetime
date-time when a webhook was created.
updateddatetime
date-time when a webhook was updated.
eventenum
An event you subscribe to.
Allowed values:
target_urlstringformat: "uri"<=255 characters
A URL that is triggered by an event, for example, a file upload. A target URL MUST be unique for each project — event type combination.
is_activebooleanDefaults to true
Marks a subscription as either active or not, defaults to true, otherwise false.
Optional HMAC/SHA-256 secret that, if set, will be used to
calculate signatures for the webhook payloads sent to the target_url.
Calculated signature will be sent to the target_url as a value of the X-Uc-Signature HTTP
header. The header will have the following format: X-Uc-Signature: v1=<HMAC-SHA256-HEX-DIGEST>.
See Secure Webhooks for details.
Errors
400
Bad Request Error
401
Unauthorized Error
406
Not Acceptable Error
429
Too Many Requests Error
Every request made to https://api.uploadcare.com/ MUST be signed. HTTPS SHOULD be used with any authorization scheme.
Requests MUST contain the Authorization header defining auth-scheme and auth-param: Authorization: auth-scheme auth-param.
Every request MUST contain the Accept header identifying the REST API version: Accept: application/vnd.uploadcare-v0.7+json.
There are two available authorization schemes:
For production: Uploadcare, a scheme where a signature, not your Secret API Key MUST be specified. Signatures SHOULD be generated on backend.
For quick tests: Uploadcare.Simple, a simple scheme where your Secret API Key MUST be specified in every request’s auth-param.
Optional HMAC/SHA-256 secret that, if set, will be used to
calculate signatures for the webhook payloads sent to the target_url.
Calculated signature will be sent to the target_url as a value of the X-Uc-Signature HTTP
header. The header will have the following format: X-Uc-Signature: v1=<HMAC-SHA256-HEX-DIGEST>.
See Secure Webhooks for details.
