Data Types

Generating JWTs

The Upload API and Upload CDN support JWT-based authorization for API requests and file downloads, respectively.

Create an API endpoint

To use JWTs with Upload, you must first create a backend API endpoint that issues JWTs:

  1. Create a private/public RSA key pair:

    ssh-keygen -t rsa -b 4096 -m PEM -f jwt_rs256.key -q -N ""
    openssl rsa -in jwt_rs256.key -pubout -outform PEM \
    cat jwt_rs256.key
  2. Add the public key certificate to your account via the JWT Certificates page.

  3. Make sure your backend API has access to the private key.

  4. Add a new endpoint to your backend API:

    • HTTP verb: GET

    • Path: anything

    • Response content-type: text/plain

    • Response body: an encoded JWT (e.g. eyJhbGci1NiJ9.e35gDeaAu...)

      • The JWT must be signed using the private key from step (1) with the RS256 algorithm.

      • The JWT payload structure must be: UploadJwt

JWT Payload Structure

The complete structure of the JWT payload must be as follows:

"access": {
"pathPermissions": [
"match": {
"path": "/uploads/file.jpg",
"scope": "Children"
"permissions": {
"read": {
"file": {
"downloadFile": [
"getFileDetails": true
"folder": {
"getFolderDescription": true,
"getFolderPublicPermissions": true,
"getFolderStorageLayer": true,
"listFolderChildren": true
"write": {
"file": {
"createFile": true,
"deleteFile": true,
"overwriteFile": true
"folder": {
"createVirtualFolder": true,
"deleteVirtualFolder": true,
"setFolderDescription": true,
"setFolderPublicPermissions": true,
"setFolderStorageLayer": true
"tagPermissions": {
"write": [
"exp": 1615680311,
"iat": 1615680311,
"sub": "string"

Most of these fields are optional, see details: UploadJwt

Was this section helpful? Yes No

You are using an outdated browser.

This website requires a modern web browser -- the latest versions of these browsers are supported: