Cloudinary provides a dedicated server-side method to generate a hash containing all the information that is required to initiate direct-upload from your application.
The call to this api should include all the upload options which are about to be used (e.g. public-id, incoming-transformation, etc.). Additionally, you will be required to provide the timestamp (which we strongly recommend to acquire on the server side) and the API_KEY & API_SECRET (which should be stored on your server-side only).
Please see below for example backend code used for generating a signature. Scroll down in the code to input your cloud_name, api_key, and api_secret.
Please see below for example frontend code used for making a call to the backend to generate a signature, then using that signature to upload a file. The result of the upload is logged to the iframe's console.