Signed Uploads, Access Control

Signed Uploads is a feature allowing you to implement access management in your file uploading workflows. It is available on any plan and works with both Uploadcare Widget and Upload API.

Switching to the Signed Uploads flow implies you have a backend-enabled product: uploading any file will require a token that should be generated on your end.

With Signed Uploads, you can control who and when can upload files to a certain Uploadcare project.

From here, you can continue reading to learn how to enable Signed Uploads, provide your engineering team with this reference to dig into or contact us in case you have any questions.

Let’s break down enabling Signed Uploads in four steps.

Step 1. Get an Uploadcare Account

To create an Uploadcare account, navigate to our Sign Up page. You will then be prompted to provide your name, email, and pick a password.

Once you agree with our Terms of Service and Privacy Policy, hit “Create Account,” and check your inbox for an email with a validation link.

Follow the link, and you’re in.

Note, you may also choose to sign up with your GitHub or Google account.

Step 2. Switch to Signed Uploads in Your Project

Projects are separate environments holding different sets of keys and settings, including security options. Navigate to your Dashboard and pick an existing project or create a new one.

Then, go to “Signed uploads” and hit “Enable.” This project will now require additional parameters provided in every request to Upload API: signature and expire. From here, your next step is choosing how you upload files: by making API requests or using our File Uploader.

Step 3. Choose Your Uploading Flow and Generate Signatures

Technically, the choice is about making API requests or configure an API client to do this for you. Uploadcare Widget is an Upload API client; on top of that, it adapts to your app’s layout and flow, allows uploading files from different sources like Social Media and Cloud Storage Providers, and provides tools to preview uploaded images and edit them in any browser.

No matter the flow you implement, you will need to generate signature and expire to either pass those as request parameters or widget options. Here’s an article in our docs about generating those params.

Now that you know how to generate the parameters, it’s time for a hands-on.

Step 4. Run Some Tests

With Upload API, you make a request providing signature and expire. Don’t forget to specify your Public API Key in UPLOADCARE_PUB_KEY. We’ve got ready-made request and response examples here.

With Uploadcare Widget, your first step is configuring and installing it. Then you specify the Secure signature and Secure expire widget options.

Note, you will still be able to upload files to your project directly via the “Files” tab.

Conclusion and Support

You made it. Now, you can implement file uploading access management in your app with Uploadcare.

Should you have any further questions, post those around our Community Area or drop us a line.