The Upload Auth endpoint generates time-limited, cryptographically signed credentials that allow the browser to upload files directly to ImageKit without routing the binary through your Next.js server. It uses theDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/nayalsaurav/ai360/llms.txt
Use this file to discover all available pages before exploring further.
getUploadAuthParams helper from @imagekit/next/server and returns the four values the ImageKit client SDK requires to perform an authenticated upload.
Call this endpoint from the browser immediately before initiating an upload, then pass the returned values to the ImageKit upload SDK.
Request
IMAGEKIT_PRIVATE_KEY (server-side only) and NEXT_PUBLIC_IMAGEKIT_PUBLIC_KEY to sign the credentials.
Response
A successful request returns HTTP 200 with the following body:A unique token string used to authenticate this specific upload request.
Pass this to the ImageKit upload SDK as
token.Unix timestamp (seconds) indicating when the token expires. The upload
must be initiated before this time. Typically valid for a short window
(e.g. 60 seconds from generation).
An HMAC-SHA1 signature computed server-side using your
IMAGEKIT_PRIVATE_KEY.
Prevents forged upload requests. Pass this to the ImageKit upload SDK as
signature.Your ImageKit public key, returned alongside the signed params so the
client does not need to hard-code it separately.
Error Responses
| Status | Body | Cause |
|---|---|---|
500 | { "error": "Failed to generate auth params" } | getUploadAuthParams threw an error, most likely due to a missing or malformed private key. |
Credentials returned by this endpoint are single-use and short-lived.
Fetch fresh auth params immediately before every upload — do not cache or
reuse them across multiple requests.
Environment Variables
| Variable | Description |
|---|---|
IMAGEKIT_PRIVATE_KEY | Your ImageKit private API key. Never expose this client-side. |
NEXT_PUBLIC_IMAGEKIT_PUBLIC_KEY | Your ImageKit public API key. Returned to the client as publicKey. |