Skip to main content
POST
Sign a Media Upload

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Body

application/json

Request a signed upload for a given media purpose.

purpose
string
required

What the upload is for; scopes the folder and limits.

Allowed value: "signature"

Response

Successful Response

Provider-neutral signed-upload envelope.

Same shape as an S3 presigned POST, so storage can be swapped later with no frontend/SDK change: the client POSTs file + every key in fields to upload_url and reads secure_url from the response.

upload_url
string
required

Endpoint the browser POSTs the file + fields to.

fields
object
required

Form fields the browser must POST verbatim alongside the file.

Cloudinary recomputes the signature from these params and rejects on any mismatch, so the client sends them byte-for-byte as returned here. Every signed param is included — omitting one would break signature validation.