Skip to main content
GET
/
presigned-url
Create an upload URL
curl --request GET \
  --url https://api.fivemesh.io/v1/presigned-url \
  --header 'Authorization: Bearer <token>'
import requests

url = "https://api.fivemesh.io/v1/presigned-url"

headers = {"Authorization": "Bearer <token>"}

response = requests.get(url, headers=headers)

print(response.text)
const options = {method: 'GET', headers: {Authorization: 'Bearer <token>'}};

fetch('https://api.fivemesh.io/v1/presigned-url', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
CURLOPT_URL => "https://api.fivemesh.io/v1/presigned-url",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>"
],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
package main

import (
"fmt"
"net/http"
"io"
)

func main() {

url := "https://api.fivemesh.io/v1/presigned-url"

req, _ := http.NewRequest("GET", url, nil)

req.Header.Add("Authorization", "Bearer <token>")

res, _ := http.DefaultClient.Do(req)

defer res.Body.Close()
body, _ := io.ReadAll(res.Body)

fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.get("https://api.fivemesh.io/v1/presigned-url")
.header("Authorization", "Bearer <token>")
.asString();
require 'uri'
require 'net/http'

url = URI("https://api.fivemesh.io/v1/presigned-url")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)
request["Authorization"] = 'Bearer <token>'

response = http.request(request)
puts response.read_body
Create a short-lived upload URL that can receive files without exposing the service key. The URL is managed by the FiveMesh API. Uploads still enforce path scope, file limits, MIME allow-lists and metadata rules. Requires cdn:write.
The upload URL is not a direct storage URL. Send the upload request to the returned uploadUrl.
expiresIn
number
Optional lifetime in seconds. The API clamps it to the workspace maximum.
path
string
Optional path lock and default upload folder. Uploaded files must stay under this folder. If the upload request omits path, files are stored here.
maxFiles
number
Optional maximum number of files accepted by the URL. Defaults to 1.
maxFileSize
number
Optional maximum size per file, in bytes.
allowedMimeTypes
string
Optional comma-separated allow-list, such as image/png,image/jpeg.
allowCustomMetadata
boolean
Optional flag that allows the upload request to include metadata.
curl "https://api.fivemesh.io/v1/presigned-url?path=screenshots&maxFiles=1&allowedMimeTypes=image/png,image/jpeg" \
  -H "Authorization: Bearer $FIVEMESH_API_KEY"
{
  "success": true,
  "uploadUrl": "https://api.fivemesh.io/v1/presigned-url/UPLOAD_TOKEN",
  "method": "POST",
  "token": "UPLOAD_TOKEN",
  "expiresAt": "2026-06-16T12:00:00.000Z",
  "maxFiles": 1,
  "maxFileSize": 104857600,
  "allowedMimeTypes": ["image/png", "image/jpeg"],
  "allowCustomMetadata": false,
  "path": "screenshots",
  "requestId": "req_..."
}
The response uses Cache-Control: no-store because the upload URL is a credential.