This article covers handling your Uploadcare account, it explains how to create, manage, and configure “Projects.”
The Uploadcare experience is centered around the concept of a project. Projects are separate environments that can hold different sets of files and settings. For instance, you could use one project to receive user-generated content, another for implementing advanced security features, and a third one to serve your frontend assets.
When you sign up for a new Uploadcare account, we add one default project. So, explicitly adding another project is optional: you can stick with the default one for creating a test environment and going through every other section of this article.
Uploadcare APIs and API clients (e.g., File uploader) tell your projects from one another by their API keys.
Depending on which Uploadcare features you want to use, you will implement
public_key or a key pair.
secret_key is required when using our REST API to
manage files within a project or implement
Document conversion or
or when using Secure Uploading. You can add
multiple secret API keys to a single Uploadcare project to ensure extended
control options over your environments.
The API logs section allows reviewing the API request list associated with the project. You can view logs for 4 hours to 7 days and sort the received data depending on the necessary diagnostics and monitoring.
The Files section allows viewing the set of files associated with the project. You can add new files, search the set for entries, copy individual file URLs or UUIDs, and delete files from a project.
While the Files view allows you to implement basic files management, use our REST API for more sophisticated scenarios like integrating Uploadcare with your product’s API.
The account owner can add collaborators to their projects.
- Have full access to project files.
- Have access to the settings of this project (including secret keys).
- Can't invite new users to the project.
- Can't delete the project. Only the project owner can do that.
- Don't have access to the payment settings for that project.
If the invited user doesn't have an Uploadcare account, they will be redirected to the sign up page (they should use the same email address to which they were invited). The invitation link is valid for 24 hours.
Under the Settings section, you can find more sophisticated options. Change those when setting up specific file flows; the deafults are perfectly fine for the majority of appliances.
By default, Upload API doesn't store the files forever. There is a 24-hour window when you should decide whether to store uploaded files or not. But all of our official libraries, including File uploader, inherit the auto-store setting from your project, where it's set to ON by default. You can read more about storage behavior here.
You can further enhance the security of your file uploading by generating a special token on your backend and requiring our API to check token validity. This will allow you to implement access and control management in file uploading flows. This sections allows you to turn on the behavior. Note, when switched on, we will no longer accept any uploads to the project without a token. Please, refer to our Documentation to learn more.
Uploadcare REST API allows adding custom webhooks to notify your application about file uploads with the customized payload. Please, refer to API reference to learn more.
You can connect one or more Amazon S3 buckets to your project. Then files uploaded to the project can be copied to your bucket automatically or with the REST API. See custom storage workflow for more details.
Note that when using the S3 bucket, CDN Uploadcare features are only available via Proxy.
You can have all your stored files to be copied to a custom S3 bucket automatically. Connect the storage once, and the system will do backups on a timely basis.
With File uploader, end-users can upload files from various upload sources, such as Google Drive and Facebook. By default, Uploadcare requests access to these cloud services. This allows Uploadcare to see and download all files stored with this service.
Check out OAuth connection examples.
A two-part key is used to encrypt the OAuth token, consisting
of a secret and a end-user part. The secret part is stored with Uploadcare,
and the end-user part of keyis passed through
When a end-user enters the host application and logs in to one of the available accounts (Dropbox, Facebook, etc.), a new end-user part of the key should be generated.
When the end-user logs out of the host application, the host application should lose information about the end-user part of the key.
Since the end-user part of the key will be different for each session, the end-user will have to re-login to the account inside the host application. The end-user part of the key must not match the end-user's id, e-mail, or other repeatable information. It's recommended to use a 6-8 characters string to sign a end-user part of the key.
This feature is useful when several end-users have access to the same device.
Assume that the OAuth application is not configured with
In this case, it is possible that the end-user logs out of the application but remains
logged into the Uploadcare widget, i.e., another end-user of the hostapplication can log
into the previous user's open session on the same device.
Protect your account from bad actors willing to do optimisations on your behalf, and get a proxy endpoint for Adaptive Delivery.
This section allows changing the name of your project or removing it from your account. Click three dots next to the project's name in the list of projects to see the editing options.
You can go to your Uploadcare Billing Options from your Dashboard or by using this link. From there, you can: