Hi All,
Here a quick way to upload files to Bubble storage and make them private. Use the fileupload API that is available in every bubble app, here the API connector settings:
It used to be somewhere in the documentation but I cannot find it anymore. It took me quite some time searching the forum (this tip is also for future me 
).
Oh cool. Never new how to make it private. No need to specify the data type?
No, not needed indeed. It seems the unique IDās must be unique to your app and not just the data type.
Exactly. You donāt need to set the type, only the unique ID. However, it doesnāt mean this is set into a field of this item. Only private to this item.
Bookmarked!
Thanks for the share!
Does anyone know if the /fileupload API can be used to upload file in chunks or accepts other encoding than Base64?
Iām trying to build a plugin where bigger files can be uploaded in backend so that, if files are uploaded by user without the thing that the file should be attached to already existing, the files can be reuploaded as private as soon as the thing is created.
Atm there is a tool aquired by Zeroqode which does that but also relies on base64 encoding. It seems that the plugin stops working with files larger then ~5.5MB
In theory it should work as the multifileuploader also relies on the /fileupload endpoint for files up to 50MB but I really cannot figure it out without proper documentation of the endpoint.
Best
Florian
The plugin that you are talking about is a server side plugin. Server side action are very limited in memory and this is why it fail if files are too large.
I guess fileupload endpoint should be able to handle large file uploadā¦ but from backend? not sureā¦
Yeah, currently the plugin Iām building always crashes due to memory constraints.
Thatās why Iām trying to load only part of a file from the origin URL and upload in chunks to /fileupload to try to work within the memory constraints of 128MB. Iām just not clear if the /fileupload endpoint accepts chunked filesā¦
I donāt think this is available from what I know.
Welp, anywhere you look in Bubble there are mind numbing limitations when it comes to trying to setting up your app to properly enable privacy for user data. Itās just so frustrating
Can you explain what is your issue exactly? How file is uploaded actually? From API Connector? Which type of file? (if this is large, is it a video?) Maybe you could consider a third party storage solution insteadā¦
Iām providing my users with a regular file system (am building a multi-tenant procurement platform for construction services). The uploaded files get attached to Things and should be privacy gated. Based on my logic I must create the Things that are attached to in a backend workflow. So the users use Mutlifile uploader to upload files and these then are reuploaded with (currently) the Zeroqode plugin to get attached to the Thing created in the backend.
I donāt want to switch to a third party file solution as Iāve already tried it out and it will just add another layer of complexity to the already complex app. Thatās why Iām trying to solve it with āvanillaā Bubble File system and custom pluginā¦
You need to create an item for each file?
Heureka, I (and GPT & Claude) made it work!!
Will soon release the plugin
Is there anyway to increase the limit beyond 49 MB? With Bubbleās FileUploader element you can increase the size. The API seems to only take files less than 49MBā¦ Seems like there should be a way for us to get more data in?
@Jici maybe you are aware of something here?
In backend WF?
The fileuploader (or any file uploader element) can go above this limit. The fileupload endpoint however seem to be limited to 50mb.
Iāve checked something in browser console logs. The first step seem to fetch an url using the fileupoad/geturl endpoint but thereās a JSON payload to submit that contain informations about the file and some more informations.
And after, with the response, the file is sent to the https://s3.amazonaws.com/appforest_uf endpoint as mutlipartform
Iāve tested and geturl seem to be easy to get. However, the call to send the file after return 403 forbidden. Iām not sure however if this is related to request using postman (so wrong origin) or if this need to have an AWS signature.
I donāt have time to do more test for that, but let me know if you found something
Iāve found what to do to make this workā¦ and sadly, itās seem too easy. IāVe tested in Postman with a large file (200 mb) and no privacy rules. I will do some more test tomorrowā¦
Ok. So from insomnia, I was able to send a file (private if needed) larger than 50 mb. But you need to have Bubble element ID that point to a fileuploader element set to max file size.
After, the first step will be to send a POST request to https://yourdomain/version-test/fileupload/geturlwith this payload (you can replace the version to live if needed)
{"public":true,"service":"bubble","timezone_string":"America/Toronto","serialized_context":{"element_id":"aaaaa","current_date_time":1741126604489,"timezone_offset":300,"timezone_string":"America/Toronto"},"name":"filename.ext","size":115208192,"content_type":""}
You need to modify the payload with correct informations.
if you need to set it to private, you will replace "public":true by "attach_to":"unique_id to attach to"
this will return this kind of payload
{
"url": "https://s3.amazonaws.com/appforest_uf",
"fields": {
"key": "",
"x-amz-meta-appname": "meta",
"x-amz-meta-app-version": "test",
"Content-Type": "",
"x-amz-meta-scheduled-id": "",
"acl": "public-read",
"bucket": "appforest_uf",
"X-Amz-Algorithm": "",
"X-Amz-Credential": "",
"X-Amz-Date": "",
"Policy": "",
"X-Amz-Signature": ""
},
"file_url": "file url"
}
you need to do another POST multipart form request to the url from this payload and with all the needed key starting with ākeyā, x-amz-meta-appname, x-amz-meta-app-version, Content-Type, x-amz-meta-scheduled-id, acl, bucket, X-Amz-Algorithm, X-Amz-Credential, X-Amz-Date, Policy, X-Amz-Signature and at the end, the file (with file as key)
This should return 204 response. You can store the url from the previous payload or from the ālocationā header of the 204 response.
By the way, I said sadly because for me, this is a security issue. I was able to upload a file to Bubble storage (but was limited in size because the field was set to this size)
The 49 MB limit comes from the /fileupload endpoint from bubble. For bigger uploads you have to hit another URL as per Jiciās statement. I currently donāt have a use case for bigger uploads ā bringing the plugin to work by streaming the data was quite the hastle as the lambda functions are severely memory constraint.
As I donāt know how the other endpoint works exactly, I donāt want to try it out as I have to focus on other things atmo. But feel free to fork the code and generate a plugin for bigger uploads.
I might return to it in the future if no work has been done on that front.
yeah itās crazy, the endpoint is just open - no safety guards. However itās clear from working with bubble for some time that security / privacy isnāt really fully engrained in the system.