Upload sources for File Uploader

Our File Uploader support 10 upload sources, including local file storage, web camera, external URL, cloud services, and social networks.

(If you’re looking for previous uploading widget upload sources, look here).

List of supported upload sources

CodeFile Source
localLocal disk
cameraLocal webcam
urlAny URL
facebookFacebook
gdriveGoogle Drive
gphotosGoogle Photos
dropboxDropbox
onedriveOneDrive
boxBox
huddleHuddle

To enable/disable different upload sources, refer to the File Uploader configuration.

You can upload multiple files, including a “select all” option.

Export data formats

Some cloud services, such as Google Drive, export document files as PDFs by default, but they can be exported as Word documents, PDFs or plain text.

You can define the behavior by setting preferred MIME types:

  • Provide a list containing the MIME types preferred for export (see externalSourcesPreferredTypes parameter).
  • Wildcards are allowed, e.g.: application/vnd.openxmlformats-officedocument.*.
  • If no MIME types match the criteria or preferred types aren’t set, default formats are used.

Custom OAuth applications

End-users can upload files from various upload sources, such as Google Drive and Facebook. By default, Uploadcare requests access to these cloud services. This allows Uploadcare to see and download all files stored with this service.

With custom OAuth, you can set up your application icon, name, as well as Privacy Policy and Terms of Use.

Configure uploading, Whitelabeling, Custom OAuth
Configure uploading, Whitelabeling, Custom OAuth

This tutorial explains how to use OAuth 2.0 tokens for authorization and shows examples of OAuth connection.

OAuth 2.0 tokens for authorization

If you have integration with one of social networks or cloud services through OAuth 2 and want to reuse user’s token in the Uploadcare widget, you can use API for that:

  1. First, you need to check that you request all permissions required for Uploadcare widget’s normal work. You can find the full list in the Required permissions section below.
  2. It is only possible to set a token from the client. If you are using tokens only on the server side, you’ll need to temporarily transfer them to the client and send requests from the browser. Please, make sure that your site is served via HTTPS, otherwise, this is a huge security vulnerability.
  3. If you are using custom OAuth apps, it will take some extra work to make everything work together.
  4. You will need to send GET request to the following URL: https://social.uploadcare.com/[storage_key]/set_keys. For what is [storage_key], see the Storage key section below.

You’ll need to send the following information through query string:

  • public_keyrequired. The public key of your Uploadcare project.
  • access_tokenrequired. The access token issued by the authorization server.
  • token_typerequired. The type of the token issued by the authorization server. In most cases, it is Bearer.
  • refresh_tokenoptional. The refresh token, which can be used to get new access tokens using the same authorization grant.

The request can be sent at any time. The best moment is when the user is logged in to your site through OAuth 2.0. But if you already have a lot of logged in users, you may need to send this request on a page load.

Note that for security reasons, it is not possible to use tokens from the widget in your apps. You can only expose your keys to Uploadcare.

Storage key explanation

The storage key is a part of a URL, which you (and Uploadcare widget) use for communication with social services. In simple cases, this is the service name. For example: box, huddle, skydrive, facebook, dropbox, and gdrive.

But if you are using custom OAuth apps for your project, these keys will be different. The easiest way to find out the right storage key is to look for it in the browser’s developer panel. Open the widget on the tab you are interested in and find the request to social.uploadcare.com.

Required permissions

Some of the services need extra permissions to work with Uploadcare.

Full list of permissions:

  • Facebook: user_photos, user_videos, user_likes, user_friends
  • Google Drive: https://www.googleapis.com/auth/drive.readonly
  • OneDrive: wl.offline_access, wl.skydrive
  • VK: friends, photos, docs, offline

Revoke OAuth access

File Uploader and jQuery File Uploader version v3.17.0 (and later) allows you to revoke OAuth access to the content of connected accounts (Dropbox, Facebook, etc.) using the remoteTabSessionKey and remoteTabSessionKey parameter respectively.

A two-part key is used to encrypt the OAuth token, consisting of a secret and an end-user part. The secret part is stored with Uploadcare, and the end-user part of the key is passed through remoteTabSessionKey.

When an end-user enters the host application and logs in to one of the available accounts (Dropbox, Facebook, etc.), a new end-user part of the key should be generated.

When the end-user logs out of the host application, the host application should lose information about the end-user part of the key.

Since the end-user part of the key will be different for each session, the end-user will have to re-login to the account inside the host application. The end-user part of the key must not match the end-user’s id, e-mail, or other repeatable information. It’s recommended to use a 6-8 characters string to sign an end-user part of the key.

This feature is useful when several end-users have access to the same device. Assume that the OAuth application is not configured with remoteTabSessionKey. In this case, it is possible that the end-user logs out of the application but remains logged into the Uploadcare widget, i.e., another end-user of the host application can log into the previous user’s open session on the same device.

Examples

Google Drive

  1. Open Google Developers Console.
  2. Click Create Project.
  3. Think up a name for your project. For example, your site or application name.
  4. Go to API Manager, search for Drive API and enable it.
  1. Go to API Manager → Credentials and add OAuth 2.0 client ID.
  1. Choose Web application and add the following URL as Authorized redirect URIs: https://social.uploadcare.com/gdrive/endpoint
  2. Copy the client ID and client secret keys.
  3. Go to Dashboard, open the Custom OAuth apps page, select Google Driveand fill in the App key and App secret fields with the keys you got from Google. Click Save Keys.

Dropbox

  1. Open Dropbox App Console.
  2. Click Create app.
  3. Choose Dropbox API.
  4. Choose Full Dropbox — Access to all files and folders in a user’s Dropbox.
  5. Think up a name for your app. For example, your site or application name.
  6. Click Create app. The new application will be created.
  7. On the settings page of the app, add the following URI to the Redirect URIs field: https://social.uploadcare.com/dropbox/endpoint.
  8. Before connecting the app, you need to increase users limit, to do this click Enable additional users.
  9. Find App key and App secret and copy them.
  10. Go to Dashboard, open the Custom OAuth apps page in project settings, select Dropbox and fill in the App key and App secret fields with the keys you got from Dropbox. Click Save Keys.
  11. Now you can test your app. In the widget, try to connect Dropbox. If everything is done right, you will see the request from your app.
  12. After that, you will need to apply the app for production. Go back to the app settings page and click Apply for production. Follow the instructions to send the request.

Facebook

  1. Open Facebook My Apps.
  2. Click Add a New App.
  3. Click basic setup.
  4. Choose a name and select a category for the new app. Then click Create App ID.
  5. On the Settings page, click + Add platform and choose Website.
  1. Fill App domains and Site URL with the social.uploadcare.com domain and click Save Changes.
  1. Go to the App Review page and click Start a Submission.
  2. Mark the following items to a review: user_likes, user_photos and user_videos and click Add 3 Items.
  1. Provide step-by-step instruction and a screencast that shows how to access the Uploadcare widget and open the Facebook tab. Then submit the app for review.
  2. After confirmation, you will get the Facebook App ID and App Secret.
  3. Go to Dashboard, open the Custom OAuth apps page, select Facebook and fill in the App key and App secret fields with the keys you got from Facebook.

Box

  1. Open Box Applications list.
  2. Click Create a Box Application.
  3. Think up a name for your application. For example, your site or application name.
  4. Select Box Content.
  5. Set the following URL as redirect_uri in the project settings and select Read and write all files and folders: https://social.uploadcare.com/box/endpoint. Note that all other boxes of the Scope section must be unmarked.
  6. At the bottom of the form, Click Save Application.
  7. Go to Dashboard, open the Custom OAuth apps page, select Box and fill in the App key and App secret fields with the keys you got from Box. Click Save Keys.