Uploadcare honors the safety of your and your clients’ critical information. We provide you with several ways to implement extra access and control management in your data ingestion and delivery flows.
After enabling Signed Uploads, uploading any file will require a security token that should be generated on your backend. Thus nobody can upload a file to your project using only an API key.
Note that the Signed Uploads flow sets up for a particular Uploadcare project and implies you have a backend-enabled product.
Uploadcare features a powerful REST API to manage projects and files: request
info, copy, delete entities, etc. REST API is the lowest level of access to
Uploadcare that can be configured to require a signature upon every request made
The mechanic is provided by the
Uploadcare authentication scheme and implies
the code on your backend uses your Secret API Key to generate signatures valid
for the specified time frame.
Uploadcare authentication scheme, our API won’t accept any requests
with no signature provided.
While the Signed Uploads feature is made to control file uploading, the Authenticated URLs one is responsible for requesting the already uploaded files. When enabled, a user will require a token from your backend to access the content. Token authentication also ensures a URL can only be accessed while the token has not expired.
Authenticated URLs work together with custom domains. You should set up a custom CNAME before using the feature.