The Upload API and Upload CDN support JWT-based authorization for API requests and file downloads, respectively.
To use JWTs with Upload, you must first create a backend API endpoint that issues JWTs:
Create a private/public RSA key pair:
ssh-keygen -t rsa -b 4096 -m PEM -f jwt_rs256.key -q -N ""
openssl rsa -in jwt_rs256.key -pubout -outform PEM \ -out jwt_rs256.key.pub
cat jwt_rs256.key
cat jwt_rs256.key.pub
Add the public key certificate to your account via the JWT Certificates page.
Make sure your backend API has access to the private key.
Add a new endpoint to your backend API:
HTTP verb: GET
Path: anything
Status code: 200
Response content-type: text/plain
Response body: an encoded JWT (e.g. eyJhbGci1NiJ9.e35gDeaAu...)
The JWT must be signed using the private key from step (1) with the RS256 algorithm.
The JWT payload structure must be: UploadJwt
An example JWT payload is shown below.
In this example, the requester has been granted read/write access to all files within the /users/user-xyz folder (non-recursively):
{ "exp": 1615680311, "iat": 1615680311, "sub": "user-xyz", "access": { "pathPermissions": [ { "match": { "path": "/users/user-xyz", "scope": "Children" }, "permissions": { "read": { "file": { "downloadFile": [ "*" ], "getFileDetails": true } }, "write": { "file": { "createFile": true, "deleteFile": true, "overwriteFile": true } } } } ], "tagPermissions": { "write": [ "*" ] } }}
To define recursive permissions, add another element to the pathPermissions array with "scope": "Grandchildren+" (see: PathPattern).
For all path permissions, see: UploadJwt
This website uses cookies. By continuing you are consenting to the use of cookies per our cookie policy.
This website requires a modern web browser -- the latest versions of these browsers are supported: