Request a presigned upload URL

curl --request POST \ --url https://core.cyberun.cloud/api/v1/r/files/presign \ --header 'Authorization: Bearer <token>' \ --header 'Content-Type: application/json' \ --data ' { "file_name": "input_image.png", "file_size": 1048576, "content_type": "image/png" } '

{ "file_key": "inputs/019abc12-3456-7890-abcd-ef1234567890/550e8400-e29b/aW1hZ2UvcG5n/input_image.png", "upload_url": "https://s3.example.com/bucket/key?X-Amz-Signature=...", "upload_headers": {} }

Usage flow

Call this endpoint with the file name and content type.

Upload the file directly to the returned upload_url using HTTP PUT.

Use the returned file_key as the value for a type: file parameter when running a workflow.

Uploaded input files are stored in S3 and automatically cleaned up after 1 day via S3 lifecycle policy. Output artifacts from task execution are retained for 7 days.

File size limit: Configured on the server (default 500 MB). Accepts JWT Bearer, sk- integration credential, or dk- device credential.

{ "file_key": "inputs/019abc12-3456-7890-abcd-ef1234567890/550e8400-e29b/aW1hZ2UvcG5n/input_image.png", "upload_url": "https://s3.example.com/bucket/key?X-Amz-Signature=...", "upload_headers": {} }

Authorizations

Authorization

string

header

required

User session JWT (Bearer ). Must be paired with the X-Team-ID request header on team-scoped endpoints so the server knows which team's resources to operate on.

Headers

X-Team-ID

string<uuid>

UUID of the team to scope the request to. Used by dual-auth endpoints (runtime + scoped management):

JWT callers MUST send it — a user may belong to multiple teams and the runtime cannot otherwise know which one to operate on. Missing header → 400.
Credential callers (sk-, dk-) can omit it because the team is derived from the credential row itself. Any value sent is ignored.

Example:

"019abc12-4567-7890-abcd-ef1234567891"

Body

application/json

file_name

string

required

Original filename including extension (e.g. "photo.png", "clip.mp4").

Example:

"input_image.png"

file_size

integer<int64>

required

Exact file size in bytes.

Example:

1048576

content_type

string

required

MIME type of the file.

Example:

"image/png"

Response

Presigned upload URL generated

file_key

string

required

Opaque file reference to use as a parameter value when running a workflow. Pass this string as the value for any type: file parameter.

Example:

"inputs/019abc12-3456-7890-abcd-ef1234567890/550e8400-e29b/aW1hZ2UvcG5n/input_image.png"

upload_url

string<uri>

required

S3 PUT URL with a signed query string. Upload the file by sending a PUT request to this URL with the file as the request body. You must include all headers listed in upload_headers.

Security guarantees (enforced by the signature):

Content-Length — upload must match the declared file_size exactly.
If-None-Match: * — upload fails with 412 if the object already exists (prevents overwrite).

Example upload (curl):

curl -X PUT \
     -H "Content-Length: 1048576" \
     -H "If-None-Match: *" \
     --upload-file photo.png \
     "<upload_url>"

Example upload (JavaScript):

await fetch(uploadUrl, {
  method: 'PUT',
  headers: uploadHeaders,
  body: file,
});

Example:

"https://s3.example.com/bucket/key?X-Amz-Signature=..."

upload_headers

object

required

Required HTTP headers for the PUT upload. These headers are signed into the presigned URL — the request will fail with 403 if any header is missing or has a different value.

Show child attributes

Documentation Index

Authorizations

Headers

Body

Response