Upload supports authorization via JWTs for the uploading and downloading of files.
To use JWTs in your requests select one of these methods:
•Pass your JWT via the Authorization-Token HTTP header, and your public API key via the Authorization HTTP header.
•Pass your JWT via an access-token-X cookie, where X is your account ID. (See beginAuthSession in the Upload JavaScript SDK.)
Your JWT must be signed using a public/private key pair, where the public key certificate has been added to the Upload Dashboard.
On the wire, JWTs are serialized as so:
base64UrlEncode(headerJsonString).base64UrlEncode(payloadJsonString).signature
This page describes the decoded JSON structure of the payload part of the JWT.
{}
{ "access": { "pathPermissions": [ { "match": { "path": "/uploads/file.jpg", "scope": "Children" }, "permissions": { "read": { "file": { "downloadFile": [ "thumbnail" ], "getFileDetails": true }, "folder": { "getFolderDescription": true, "getFolderPublicPermissions": true, "getFolderStorageLayer": true, "listFolderChildren": true } }, "write": { "file": { "createFile": true, "deleteFile": true, "overwriteFile": true }, "folder": { "createVirtualFolder": true, "deleteVirtualFolder": true, "setFolderDescription": true, "setFolderPublicPermissions": true, "setFolderStorageLayer": true } } } } ], "tagPermissions": { "write": [ "*" ] } }, "exp": 1615680311, "iat": 1615680311, "sub": "string"}
The access permissions for the JWT.
If the JWT is provided together with a public API key (see above), then the permissions from the API key are merged with the JWT's permissions, taking the JWT's permissions where overlaps occur.
Type: UploadJwtAccess
Required: No
The time the JWT will expire in seconds since midnight 1 January 1970, UTC.
Type: Integer
Minimum: 0
Example: 1615680311
Required: Yes
The time the JWT was issued in seconds since midnight 1 January 1970, UTC.
Type: Integer
Minimum: 0
Example: 1615680311
Required: Yes
User ID from your application's database.
Upload doesn't currently perform any logic based on this value.
However, the value is required, and we recommend setting it to a real user ID for logging and auditing purposes.
Type: String
Required: Yes
This website uses cookies. By continuing you are consenting to the use of cookies per our cookie policy.
This website requires a modern web browser -- the latest versions of these browsers are supported: