POST 'private' file via API

Need help
1

I have been struggling with an issue already for a long period.

In my app i want all files to be hidden from public; privacy rules :white_check_mark:

The challenge however is when i want users to use an API (POST) to send the file to an external service, the file is not accessible via the external API…

I have seen some posts where you append the fileURL with a Bubble API key you can create however sending API keys to external services is not really secure…

I tried a work around of storing the files in my own AWS S3 and then use a plugin to create AWS presigned URLs. When i put these in the API post request on the file, the file is indeed securely transfererd however this solution is not desired for two reasons;

  1. adding complexity (no need for additional S3)
  2. adding vulnerability (i need to rely on my own S3 configuration skills… there is a reason i’m using Bubble :wink:)
  3. the file is saved by the external service based on the last parameter in the URL rather than the filepath in the URL… This causes issues with type identification (which is not based on MIME) and the abaility to identify files in the external service.

Adding a proxy service may be a solution but then again (see 1 and 2…)…

Is there an easier way to keep the files secured in the Bubble S3 but with an option to access them when i trigger the API Post file call?

Thanks!!

2

Same question!

3

Don’t know if the third part relates to openAI (which is where i wanted to send my files), but the solution i’m using right now is via

  1. create upload (establish the filename)
  2. add upload part (via the s3 pre-signed URL)
  3. finish the upload (capture the file_id)
  4. connect to relevant vector store…

so got the filename issue out of the way…

Bubble should however create a feature where the existing S3 can be directly accessed via the pre-signed URL function that would significantly reduce the hassle!

1 Like
4

Isn’t the native upload to S3 technically a presigned URL? You can’t find it anywhere if you don’t attach it to a Thing.

5

Goes beyond my knowledge :wink:

I have been using a.o. a plugin from wiseable to interact with my own S3 and put files from Bubble into that S3 (and use presigned URL to get them out again).

I put the request for direct acces to S3 presigned urls on the idea board a while ago as well, but i guess it is nowhere close to being visible for the devs teams :slight_smile:

1 Like
6

This topic was automatically closed after 70 days. New replies are no longer allowed.