Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/S4nti4goCoder/cloudsyncpro/llms.txt

Use this file to discover all available pages before exploring further.

The upload-file Edge Function validates the caller’s identity and workspace permissions, then generates a presigned Cloudflare R2 PUT URL. The client uploads directly to R2—bytes never route through Supabase—and then registers the file in Postgres using the returned r2Key.

Endpoint

POST /functions/v1/upload-file

Authentication

Every request must include both headers:
HeaderValue
AuthorizationBearer <access_token> — the Supabase session token
apikeyYour Supabase anonymous key
The function calls supabase.auth.getUser() to verify the token before proceeding. Requests without a valid session are rejected with 401.

Request body

fileName
string
required
Original name of the file. Non-alphanumeric characters (except ., _, -) are replaced with - when building the R2 object key.
fileType
string
required
MIME type of the file (e.g. image/png, application/pdf). Passed as ContentType to the presigned PutObject command.
fileSize
number
required
Size of the file in bytes. Passed as ContentLength to the presigned PutObject command.
workspaceId
string
required
UUID of the workspace the file belongs to. The function calls has_workspace_edit_permission via RPC to confirm the caller has at least editor-level access.
folderId
string | null
UUID of the destination folder, or null to place the file at the workspace root. Defaults to "root" in the generated R2 key when null.

Response

A successful 200 response returns:
presignedUrl
string
A signed R2 URL valid for 3600 seconds (1 hour). Issue an HTTP PUT to this URL with the file bytes, Content-Type, and Content-Length headers to complete the upload.
r2Key
string
The object key under which the file is stored in R2. Format: {workspaceId}/{folderId|"root"}/{timestamp}-{sanitizedFileName}. Store this in Postgres when registering the file record.
publicUrl
string
The full public URL to the uploaded object, composed from R2_PUBLIC_URL and the r2Key. Available immediately after the PUT succeeds if the bucket is public.

Error responses

StatusError messageCause
400Missing required fieldsfileName, fileType, or workspaceId is absent from the request body
401Missing AuthorizationNo Authorization header was sent
401UnauthorizedThe bearer token is invalid or expired
403Forbidden: insufficient roleThe authenticated user does not have edit permission in the specified workspace
500Permission check failedThe has_workspace_edit_permission RPC returned an error
500Internal server errorAn unexpected error occurred (e.g. R2 signing failure)

Examples

curl -X POST https://<project>.supabase.co/functions/v1/upload-file \
  -H "Authorization: Bearer <access_token>" \
  -H "apikey: <anon_key>" \
  -H "Content-Type: application/json" \
  -d '{
    "fileName": "quarterly-report.pdf",
    "fileType": "application/pdf",
    "fileSize": 204800,
    "workspaceId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
    "folderId": "f0e1d2c3-b4a5-6789-0123-456789abcdef"
  }'
The function calls the has_workspace_edit_permission Postgres RPC before issuing the presigned URL. Users with a viewer role will receive a 403 even if they supply a valid session token. Only editor, admin, and superadmin roles can upload files.

Build docs developers (and LLMs) love

Get started for freeTalk to us