Uploom

S3 Gateway

Presigned URLs

A presigned URL is a temporary, pre-signed link that lets anyone (including a browser with no API key) upload or download a single object, without needing the API token. Uploom uses SigV4 query-string signing, the same scheme as AWS S3.

Generate a presigned URL from your SDK

Every S3 SDK supports presigning. Point it at the gateway and call the SDK's presign helper: 

import { S3Client, PutObjectCommand } from "@aws-sdk/client-s3";
import { getSignedUrl } from "@aws-sdk/s3-request-presigner";

const s3 = new S3Client({
  region: "us-east-1",
  endpoint: "https://s3.uploom.io",
  forcePathStyle: true,
  credentials: { accessKeyId: "...", secretAccessKey: "..." },
});

// URL good for 5 minutes
const url = await getSignedUrl(
  s3,
  new PutObjectCommand({ Bucket: "bucket", Key: "uploads/" + filename }),
  { expiresIn: 300 },
);

// Hand the URL to a browser <form action={url} method="post"> for direct upload.
fetch(url, { method: "PUT", body: file });

Header vs query form

The gateway supports both SigV4 forms: the Authorization header (used by SDKs for in-process calls) and the X-Amz-* query parameters (used by presigned URLs). The two forms share the same signing key and the same time-window enforcement.

Limits

Direct-to-browser uploads

The headline use case: a browser uploads a 500 MB file directly to the gateway without the bytes ever touching your server. Pattern:

  1. Your server (with the API token) mints a presigned URL for the key it wants to write to.
  2. Hand the URL to the browser as a hidden form field or via fetch.
  3. The browser does PUT <url> with the file as the body.
  4. Once the upload completes, the file is visible in the dashboard immediately — no extra step needed.

Direct downloads

A get presigned URL is a one-shot download link that you can paste into a browser, an email, or an <a download>. The URL is valid until the expiry; no headers or cookies required.