Security and Compliance

Uploadcare respects the safety of your critical information and that of your clients. We provide several ways to add access control to your data ingestion and delivery flows.

Signed Uploads: Control who can upload files and when

Once Signed Uploads is enabled, every file upload requires a security token that is generated on your backend. As a result, nobody can upload a file to your project using only an API key.

Note that the Signed Uploads flow is set up for a particular Uploadcare project and assumes your product has a backend.

How to enable Signed Uploads

Signed Requests: Grant access to files on Uploadcare to authorized clients only

Uploadcare features a powerful REST API to manage projects and files: request info, copy, delete entities, etc. The REST API is the lowest level of access to Uploadcare, and it can be configured to require a signature on every request made to the endpoint.

The mechanism is provided by the Uploadcare authentication scheme and requires the code on your backend to use your Secret API Key to generate signatures valid for the specified time frame.

With the Uploadcare authentication scheme, our API won’t accept any request that lacks a signature.

How to enable Signed Requests

Authenticated URLs: Control who can request files and when

While the Signed Uploads feature controls file uploading, the Authenticated URLs feature controls requests for files that are already uploaded. When it is enabled, a user needs a token from your backend to access the content. Token authentication also ensures a URL can only be accessed while the token has not expired.

Authenticated URLs work together with custom domains. You should set up a custom CNAME before using the feature.

How to enable Authenticated URLs
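
The pattern behind both Signed Uploads and Authenticated URLs, as an added example that is not Uploadcare's code: the backend issues an expiring token with a secret key, and the receiving side rejects anything expired, altered, or issued for another resource. The token format (HMAC-SHA256 over `resource:expire`), the function names and the key are assumptions for illustration; this page does not specify Uploadcare's actual format.

```python
import hashlib
import hmac
import time

# Constructed placeholder; a real secret key lives only on the backend.
SECRET_KEY = b"demo-secret-key-not-real"


def _sign(secret: bytes, resource: str, expire: int) -> str:
    # Bind the signature to both the resource and the expiry timestamp,
    # so neither can be changed without invalidating the token.
    message = f"{resource}:{expire}".encode()
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def issue_token(secret: bytes, resource: str, ttl_seconds: int, now=None):
    """Backend side: return (expire, signature) valid for ttl_seconds."""
    issued_at = int(time.time() if now is None else now)
    expire = issued_at + ttl_seconds
    return expire, _sign(secret, resource, expire)


def verify_token(secret: bytes, resource: str, expire, signature, now=None) -> bool:
    """Receiving side: accept only an unexpired, untampered token."""
    try:
        expire = int(expire)  # the value arrives from an untrusted client
    except (TypeError, ValueError):
        return False
    current = int(time.time() if now is None else now)
    if current >= expire:
        return False  # expired tokens are rejected before any comparison
    expected = _sign(secret, resource, expire)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), str(signature).encode())


if __name__ == "__main__":
    expire, sig = issue_token(SECRET_KEY, "upload", ttl_seconds=60)
    print("valid now:", verify_token(SECRET_KEY, "upload", expire, sig))
    print("extended expiry:", verify_token(SECRET_KEY, "upload", expire + 3600, sig))
```

Keeping `ttl_seconds` short limits how long a leaked token stays usable, since the holder cannot extend the expiry without the secret key.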