Skip to main content
Use scoped upload URLs when another script or client-visible integration needs to upload a file without receiving the service key. The SDK calls GET /presigned-url with your server-side service key and returns a short-lived uploadUrl. Uploads sent to that URL are checked against the path, file count, file size and MIME rules you configured.

Create an upload URL

local upload = exports["fivemesh-sdk"]:createPresignedUrl({
    path = "uploads",
    maxFiles = 1,
    expiresIn = 3600,
    allowedMimeTypes = { "image/png", "image/jpeg" },
    allowCustomMetadata = true
})

print(upload.uploadUrl)
The returned URL is a credential. Keep it short-lived and scoped to the path the caller needs.

Upload with the URL

Use uploadWithPresignedUrl if a server resource already has a token or full upload URL and wants to send a file through it.
local result = exports["fivemesh-sdk"]:uploadWithPresignedUrl(upload.uploadUrl, fileBytes, {
    filename = "proof.png",
    metadata = {
        source = "support"
    }
})

print(result.object.publicUrl)

Options

OptionDescription
pathLocks uploads to a CDN folder.
maxFilesMaximum files accepted by the URL.
expiresInURL lifetime in seconds.
maxFileSizeMaximum bytes accepted per file.
allowedMimeTypesMIME allow-list such as image/png or image/jpeg.
allowCustomMetadataAllows upload requests to include metadata.