Upload supports authorization via JWTs for the uploading and downloading of files.
To use JWTs in your requests select one of these methods:
•Pass your JWT via the Authorization-Token HTTP header, and your public API key via the Authorization HTTP header.
•Pass your JWT via a access-token-<ACCOUNT ID> cookie. (The beginAuthSession method in the Upload JavaScript SDK does this for you.)
Your API's auth URL must return an RS256-signed JWT (e.g. eyJhbGci...). The JWT's public key certificate must be added to your account via the Upload Dashboard. This page describes the decoded payload part of the JWT.
{}
{ "access": { "pathPermissions": [ { "match": { "path": "/users/user-xyz", "scope": "Children" }, "permissions": { "read": { "file": { "downloadFile": [ "*" ], "getFileDetails": true }, "folder": { "getFolderDescription": true, "getFolderPublicPermissions": true, "getFolderStorageLayer": true, "listFolderChildren": true } }, "write": { "file": { "createFile": true, "deleteFile": true, "overwriteFile": true }, "folder": { "createVirtualFolder": true, "deleteVirtualFolder": true, "setFolderDescription": true, "setFolderPublicPermissions": true, "setFolderStorageLayer": true } } } } ], "tagPermissions": { "write": [ "*" ] } }, "exp": 1615680311, "iat": 1615680311, "sub": "string"}
The access permissions for the JWT.
If the JWT is provided together with a public API key (see above), then the permissions from the API key are merged with the JWT's permissions, taking the JWT's permissions where overlaps occur.
Type: UploadJwtAccess
Required: No
The time the JWT will expire in seconds since midnight 1 January 1970, UTC.
Example: 1615680311
Type: Integer
Minimum: 0
Required: Yes
The time the JWT was issued in seconds since midnight 1 January 1970, UTC.
Example: 1615680311
Type: Integer
Minimum: 0
Required: Yes
User ID from your application's database.
Upload doesn't currently perform any logic based on this value.
However, the value is required, and we recommend setting it to a real user ID for logging and auditing purposes.
Type: String
Required: Yes
This website uses cookies. By continuing you are consenting to the use of cookies per our cookie policy.
This website requires a modern web browser -- the latest versions of these browsers are supported: