Allowing users to upload videos

Comments

3 comments

  • Avatar
    Thomas Gurung

    Hi Alan,

    Unsigned uploads are one way of uploading your assets to Cloudinary without having to use the API secret and hence not exposing it. You should never use your API secret on the client-side such as frontend apps or mobile. However, the downside with this is that if someone finds out your cloud name and upload preset, they can use it to make unauthorised uploads outside your apps. 

    There is no rate-limiting feature available for uploads but there are a couple of things you can do, all of which require you to set up a backend server. They are: 

    • Adding a "Notification URL"  and enabling "Async" from your upload preset's settings so your server will get notified when an upload with that preset is used. We will send a "pending" message to the uploader but still upload the asset in the background so the uploader will not get the standard upload response. You can then check the notification payload on your backend server and determine whether to keep that uploaded asset or delete it.
    • Implement signed uploads from the client-side so you will not need to send the file to your server instead you'd just ask your backend to generate a signature per upload, return it to the frontend and then send the file and signature to us. This will be an entirely authenticated request so how you manage the authentication from the frontend to the backup server when requesting the signature string will be under your requirements. 
    • Send a file from the frontend to the backend and upload it from there using one of our many SDKs or directly. 

    Click here to find out more about how to create a signature server-side. Click here to find out more about the backend SDKs we provide.

    Thank you

    0
    Comment actions Permalink
  • Avatar
    Alan Lawrance

    Thanks -- creating the signature server side sounds like a good approach.

    The documentation explains how to generate the signature on the back end, but it's unclear to me if the front-end would be forced to use REST calls to use the signature.  Does the .NET SDK support injecting the signature when using the Upload and Search methods in the SDK?

    0
    Comment actions Permalink
  • Avatar
    Thomas Gurung

    Hi Alan,

    Yes, so if you are using the backend simply for the creation of the signature then your frontend will need to call our REST APIs with the signature and other relevant data. 

    You can also use the SDK to directly make the upload but you'd need to send the file from the frontend to the backend. Our backend SDK libraries provide a wrapper for the Upload API so request building and authentication are handled automatically, and the JSON response is parsed and returned. 

    For the search API, you can use the SDK as well and like upload, the authentication is handled automatically. We recommend using the SDK or even curl in your backend.

    Alternatively, you can use the Client-side asset lists from the frontend to list assets with a specified tag however this only supports the listing of up to 1000 assets per resource.

    Finally, you can store the results of the upload response in your own database as it will provide you with the creation time, version etc. and search against that as required. 

    Thanks.

    0
    Comment actions Permalink

Please sign in to leave a comment.