Signed uploads allow you to control who can upload files to your Uploadcare
project and when. You need to generate a
signature on your backend, and a trusted user should use this signature
to upload a new file. It works with both File Uploader,
jQuery File Uploader, and Upload API.
Signed uploads can be turned on and off to an Uploadcare project, because it has a dedicated storage, Public and Private keys, and security settings.
From now on, every request to Upload API should include a signature part.
However, you’ll still be able to upload files to your project via the Dashboard.
The signature string sent along with your upload request.
To generate it, you need the secret key of your Uploadcare project,
which you can get from the API keys section.
The signature is an HMAC/SHA256 with two parameters:
YOUR_SECRET_KEY — a generated key.expire — an expiration time message (string).Here’s how to make the signature on your backend:
The expire string sets the expiration date and time or duration for a
signature. It has a Unix time format.
The expire function in the Python example above adds a certain duration after
the generation time. In this case, 30 minutes:
To generate a signed upload, you need to pass 3 parameters:
YOUR_PUBLIC_KEYsignatureexpireRequest:
Response:
To work with File Uploader, specify the secure signature and secure expire options.
To work with jQuery File Uploader, specify respective secure signature and secure expire options.
Both signature and an active expire are required for every upload request
and should be valid. The list of possible errors:
If expire is not a valid Unix timestamp:
If your signature has expired, i.e., expire < now:
If signature is incorrect: