Signed Upload
Generate time-limited signed URLs for client-side uploads.
Signed uploads let you generate a temporary URL on your backend, then use it from the client to upload files without exposing your API credentials.
Flow
- Your backend requests a signed upload URL from the API
- The API returns a signed URL with an expiration
- Your client uploads the file directly using that URL
Step 1: Generate a Signed URL
curl -X POST https://api.tzzl.io/api/v1/upload/generate-signed-url \
-H "Authorization: Bearer sk_a1b2c3d4..." \
-H "Content-Type: application/json" \
-d '{
"upload_config_id": "01HQ...",
"expiration_minutes": 30,
"filename": "photo.jpg",
"content_type": "image/jpeg"
}'
Parameters
| Parameter | Required | Description |
|---|---|---|
upload_config_id | Yes | The upload config to validate against |
expiration_minutes | No | URL validity period (default varies) |
filename | No | Suggested filename |
content_type | No | Expected MIME type |
Step 2: Upload Using the Signed URL
curl -X POST "SIGNED_URL" \
-F "[email protected]" \
-F "upload_config_id=01HQ..." \
-F "space_id=01HQ..."
The signed URL includes a cryptographic signature that the API validates. The upload config's validation rules (allowed formats, max size, dimensions) still apply.
When to Use Signed Uploads
- Client-side uploads where you don't want to expose your API key
- Mobile apps that upload files directly
- Browser uploads with a backend that generates the URL
- Time-limited access where uploads should expire after a set period
Security
- Signed URLs are cryptographically verified on the server
- The upload config's
is_signedflag must betrue - All validation rules from the upload config are enforced
- Expired URLs are rejected