The Upload API and Upload CDN support JWT-based authorization for API requests and file downloads, respectively.
To use JWTs with Upload, you must first create a backend API endpoint that issues JWTs:
Create a private/public RSA key pair:
ssh-keygen -t rsa -b 4096 -m PEM -f jwt_rs256.key -q -N ""
openssl rsa -in jwt_rs256.key -pubout -outform PEM \ -out jwt_rs256.key.pub
cat jwt_rs256.key
cat jwt_rs256.key.pub
Add the public key certificate to your account via the JWT Certificates page.
Make sure your backend API has access to the private key.
Add a new endpoint to your backend API:
HTTP verb: GET
Path: anything
Response content-type: text/plain
Response body: an encoded JWT (e.g. eyJhbGci1NiJ9.e35gDeaAu...)
The JWT must be signed using the private key from step (1) with the RS256 algorithm.
The JWT payload structure must be: UploadJwt
The complete structure of the JWT payload must be as follows:
{ "access": { "pathPermissions": [ { "match": { "path": "/uploads/file.jpg", "scope": "Children" }, "permissions": { "read": { "file": { "downloadFile": [ "thumbnail" ], "getFileDetails": true }, "folder": { "getFolderDescription": true, "getFolderPublicPermissions": true, "getFolderStorageLayer": true, "listFolderChildren": true } }, "write": { "file": { "createFile": true, "deleteFile": true, "overwriteFile": true }, "folder": { "createVirtualFolder": true, "deleteVirtualFolder": true, "setFolderDescription": true, "setFolderPublicPermissions": true, "setFolderStorageLayer": true } } } } ], "tagPermissions": { "write": [ "*" ] } }, "exp": 1615680311, "iat": 1615680311, "sub": "string"}
Most of these fields are optional, see details: UploadJwt
This website uses cookies. By continuing you are consenting to the use of cookies per our cookie policy.
This website requires a modern web browser -- the latest versions of these browsers are supported: