Minting a signature itself requires an API key — only a trusted backend should call this endpoint. The resulting signature is what you hand to the untrusted client (e.g. a browser).
Endpoint
Body parameters
Destination folder the signature will be scoped to. Must match the
folder field sent with the eventual POST /upload request.Defaults to the root folder if omitted.Lifetime of the signature in seconds. Clamped between
1 and a server-configured maximum.Defaults to a server-configured value if omitted.Response
true if a signature was generated.The presigned signature to pass alongside the upload.
Unix timestamp (seconds) after which the signature is no longer valid.
The folder the signature is scoped to.
200 success · 500 API_SECRET not configured on the server
Example
Related
Upload Files
Use the resulting signature to upload without an API key.