A pre-signed URL is a secure, time-limited link that allows temporary access to a private file stored in cloud storage services like Amazon S3, Google Cloud Storage, or Azure Blob Storage—without needing to expose credentials or make the file public.
Allowing users to upload files directly to storage without going through your server.
So, it reduces the ingress cost of the server.
- Client → Server:
User asks the backend for permission to upload a file. - Server → AWS S3:
The server generates a pre-signed URL using AWS SDK with limited permissions (e.g., PUT for uploads). - Server → Client:
Sends back the pre-signed URL to the client. - Client → S3:
Client uses the URL to upload the file directly to S3. - S3:
Validates the signature and upload, then stores the file securely.