This article covers handling your Uploadcare account, it explains how to create, manage, and configure “Projects.”

To access an account, sign up for Uploadcare and navigate to your dashboard.


The Uploadcare experience is centered around the concept of a project. Projects are separate environments that can hold different sets of files and settings. For instance, you could use one project to receive user-generated content, another for implementing advanced security features, and a third one to serve your frontend assets.

When you sign up for a new Uploadcare account, we add one default project. So, explicitly adding another project is optional: you can stick with the default one for creating a test environment and going through every other section of this article.

API keys

Uploadcare APIs and API clients (e.g., File uploader) tell your projects from one another by their API keys.

We provide the two kinds of API keys: public and secret. In this documentation, we refer to those as public_key and secret_key, respectively.

Depending on which Uploadcare features you want to use, you will implement either your public_key or a key pair.

Public API key

The main use of a public_key is to identify a target project for your uploads. It is required when using Upload API or its clients such as the File uploader.

Secret API keys

A secret_key is required when using our REST API to manage files within a project or implement Video processing, Document conversion or Object Recognition, or when using Secure Uploading. You can add multiple secret API keys to a single Uploadcare project to ensure extended control options over your environments.

API logs

The API logs section allows reviewing the API request list associated with the project. You can view logs for 4 hours to 7 days and sort the received data depending on the necessary diagnostics and monitoring.

Project, API logs
Project, API logs

Project files

The Files section allows viewing the set of files associated with the project. You can add new files, search the set for entries, copy individual file URLs or UUIDs, and delete files from a project.

Project, Files
Project, Files

While the Files view allows you to implement basic files management, use our REST API for more sophisticated scenarios like integrating Uploadcare with your product’s API.

Project teams

The account owner can add collaborators to their projects.

Project teams, Invite
Project teams, Invite


  • Have full access to project files.
  • Have access to the settings of this project (including secret keys).
  • Can't invite new users to the project.
  • Can't delete the project. Only the project owner can do that.
  • Don't have access to the payment settings for that project.

If the invited user doesn't have an Uploadcare account, they will be redirected to the sign up page (they should use the same email address to which they were invited). The invitation link is valid for 24 hours.

Project settings

Under the Settings section, you can find more sophisticated options. Change those when setting up specific file flows; the deafults are perfectly fine for the majority of appliances.

Automatic file storing

By default, Upload API doesn't store the files forever. There is a 24-hour window when you should decide whether to store uploaded files or not. But all of our official libraries, including File uploader, inherit the auto-store setting from your project, where it's set to ON by default. You can read more about storage behavior here.

Project settings, General, Automatic file storing
Project settings, General, Automatic file storing

Secure uploading

You can further enhance the security of your file uploading by generating a special token on your backend and requiring our API to check token validity. This will allow you to implement access and control management in file uploading flows. This sections allows you to turn on the behavior. Note, when switched on, we will no longer accept any uploads to the project without a token. Please, refer to our Documentation to learn more.

Project settings, Security and privacy, Secure uploading
Project settings, Security and privacy, Secure uploading

File types

You can set up a project to only upload certain types of files.

By default, all MIME file types can be uploaded to the project. You can validate uploads by allowing only specific file types: audio, document, font, image, and video.

Set up file types in the Configure section of the Uploading tab.

Configure, Uploading, File types
Configure, Uploading, File types


Uploadcare REST API allows adding custom webhooks to notify your application about file uploads with the customized payload. Please, refer to API reference to learn more.

Project settings, Uploads, Webhooks
Project settings, Uploads, Webhooks

Custom Amazon S3 Bucket Storage

You can connect one or more Amazon S3 buckets to your project. Then files uploaded to the project can be copied to your bucket automatically or with the REST API. See custom storage workflow for more details.

Project settings, Uploads, Custom Storage
Project settings, Uploads, Custom Storage

Note that when using the S3 bucket, CDN Uploadcare features are only available via Proxy.

Configure backups

You can have all your stored files to be copied to a custom S3 bucket automatically. Connect the storage once, and the system will do backups on a timely basis.

Project settings, Uploads, Backup
Project settings, Uploads, Backup

Custom OAuth applications

With File uploader, end-users can upload files from various upload sources, such as Google Drive and Facebook. By default, Uploadcare requests access to these cloud services. This allows Uploadcare to see and download all files stored with this service.

With custom OAuth, you can set up your application icon, name, as well as Privacy Policy and Terms of Use.

Project settings, Uploads, Custom OAuth applications
Project settings, Uploads, Custom OAuth applications

Check out OAuth connection examples.

Widget version v3.17.0 (and later) allows you to revoke OAuth access to the content of connected accounts (Dropbox, Facebook, etc.) using the remoteTabSessionKey parameter.

A two-part key is used to encrypt the OAuth token, consisting of a secret and a end-user part. The secret part is stored with Uploadcare, and the end-user part of keyis passed through remoteTabSessionKey.

When a end-user enters the host application and logs in to one of the available accounts (Dropbox, Facebook, etc.), a new end-user part of the key should be generated.

When the end-user logs out of the host application, the host application should lose information about the end-user part of the key.

Since the end-user part of the key will be different for each session, the end-user will have to re-login to the account inside the host application. The end-user part of the key must not match the end-user's id, e-mail, or other repeatable information. It's recommended to use a 6-8 characters string to sign a end-user part of the key.

This feature is useful when several end-users have access to the same device. Assume that the OAuth application is not configured with remoteTabSessionKey. In this case, it is possible that the end-user logs out of the application but remains logged into the Uploadcare widget, i.e., another end-user of the hostapplication can log into the previous user's open session on the same device.


Protect your account from bad actors willing to do optimisations on your behalf, and get a proxy endpoint for Adaptive Delivery.

Project settings, Delivery, Adaptive Delivery
Project settings, Delivery, Adaptive Delivery

Edit project

This section allows changing the name of your project or removing it from your account. Click three dots next to the project's name in the list of projects to see the editing options.

Project list, Edit project
Project list, Edit project

Billing options

You can go to your Uploadcare Billing Options from your Dashboard or by using this link. From there, you can: