{"id":38389,"date":"2025-09-03T07:00:00","date_gmt":"2025-09-03T14:00:00","guid":{"rendered":"https:\/\/cloudinary.com\/blog\/?p=38389"},"modified":"2025-11-06T17:14:16","modified_gmt":"2025-11-07T01:14:16","slug":"signed-urls-the-why-and-how","status":"publish","type":"post","link":"https:\/\/cloudinary.com\/blog\/signed-urls-the-why-and-how","title":{"rendered":"Signed URLs With Cloudinary: The Why and How"},"content":{"rendered":"

When uploading images to Cloudinary programmatically, you can do it from the frontend or the backend, depending on the app\u2019s needs. Frontend uploads are more common in customer-facing apps, where speed is critical, and you want the image to be on a server somewhere as soon as possible without any proxies in between. Backend uploads, on the other hand, are used when you want the image to be passed through your API or in asynchronous operations and scheduled jobs.<\/p>\n

Imagine an AI-based image transformation app where users upload images they want to be transformed using AI. An AI transformation may take quite a bit of time already, so you want to optimize the speed wherever possible. By uploading to Cloudinary from the frontend client, you\u2019ll upload your image to a geographically close region, which is then replicated to the vast number of Cloudinary CDN servers automatically.<\/p>\n

Sometimes, there are other factors involved, too. Perhaps you\u2019re limited by the payload size of your serverless platform and can\u2019t send large images. Or you just want to save on bandwidth. In such cases, you\u2019ll want the images to be uploaded to Cloudinary by the frontend, so you can just send a URL to your backend API.<\/p>\n

In all cases, images should be uploaded to Cloudinary securely using your Cloudinary API secret. When uploading from the backend, that\u2019s an easier task. You only need to use the Cloudinary SDK<\/a>, initialize it with the API key and secret, and then use the upload API to upload the image. On the frontend, things aren\u2019t so simple. Everything shipped to the browser is theoretically readable by the user, so you don\u2019t want to expose your API secret to the user. Otherwise, a malicious user might use it to upload any images to your Cloudinary account, spending your plan\u2019s tokens, which is not something that you intended.<\/p>\n

There\u2019s a workaround combining the security of the backend with the upload flexibility of the frontend, generating signed URLs for upload. In this blog post, we\u2019ll show you how this can be done.<\/p>\n

Generating Signed Upload URLs<\/h2>\n

The easiest way to generate signed upload URLs is to use the Cloudinary SDK. We\u2019ll show you an example using Next.js and the Node SDK.<\/p>\n

For simplicity, we\u2019ll use Next.js server functions to perform code meant to be executed by the backend. If you use some alternative backend implementations, you can still use this as a guideline. For those of you not familiar with Next.js server functions<\/a>, they are almost like RPCs (Remote Procedure Calls<\/a>) exposed to the client running in the browser. When a server function is called, the client sends a POST request to the Next.js backend in the background.<\/p>\n

As with any publicly accessible API, protecting it is always a good idea. The first step is to check if an authorized user has made the request. The next step is to initialize the Cloudinary SDK by providing it with your cloud name, API key, and API secret. You can find your Cloudinary cloud name by logging into your Cloudinary account and navigating to the settings page of your dashboard in API Keys<\/a>. The cloud name will be noted at the top of the page. This is also the place to obtain your API key and secret. All of this information should be stored securely in environment variables on the server.<\/p>\n

After initializing the SDK, the next step is to create a cryptographic signature that will be used for image uploads. Without the signature, anonymous users cannot upload to your Cloudinary account. The signature takes some parameters, such as timestamp, upload folder, and tags (if you would like to tag your images). These parameters, in addition to the signature, are then provided to the frontend. The only piece not provided to the frontend is your Cloudinary secret; as its name says, this should be kept secret and not exposed outside the back end.<\/p>\n

The complete code is below. The module is annotated with the use server<\/code> directive to mark it as a module that contains server functions exposed to the client.<\/p>\n

\"use server\"<\/span>;\n\nimport<\/span> { v2 as<\/span> cloudinary } from<\/span> \"cloudinary\"<\/span>;\nimport<\/span> { getCurrentUser } from<\/span> '@\/lib\/auth.ts'<\/span>;\n\nconst<\/span> CLOUDINARY_CLOUD_NAME = process.env.CLOUDINARY_CLOUD_NAME || \"\"<\/span>;\nconst<\/span> CLOUDINARY_API_KEY = process.env.CLOUDINARY_API_KEY || \"\"<\/span>;\nconst<\/span> CLOUDINARY_API_SECRET = process.env.CLOUDINARY_API_SECRET || \"\"<\/span>;\nconst<\/span> CLOUDINARY_UPLOAD_FOLDER = process.env.CLODINARY_UPLOAD_FOLDER || \"\"<\/span>;\n\nexport<\/span> const<\/span> generateCloudinarySignatureAction = async<\/span> () => {\n  \/\/ The implementation of getCurrentUser is not relevant for this blog post<\/span>\n  \/\/ However, this is only to show you that you need to protect your server actions<\/span>\n  \/\/ if image upload is only for authenticated users<\/span>\n  const<\/span> currentUser = await<\/span> getCurrentUser();\n  if<\/span> (!currentUser) {\n    throw<\/span> new<\/span> Error<\/span>(\"User not authenticated\"<\/span>) \n  }\n  \n  \/\/ Configure your Cloudinary instance with the properties obtained from the environment<\/span>\n  cloudinary.config({\n    cloud_name<\/span>: CLOUDINARY_CLOUD_NAME,\n    api_key<\/span>: CLOUDINARY_API_KEY,\n    api_secret<\/span>: CLOUDINARY_API_SECRET,\n  });\n\n  \/\/ Every signature is parametrized for the specific upload needed<\/span>\n  const<\/span> paramsToSign = {\n    timestamp<\/span>: Math<\/span>.floor(new<\/span> Date<\/span>().getTime() \/ 1000<\/span>), \/\/ Unix timestamp in seconds<\/span>\n    folder<\/span>: CLOUDINARY_UPLOAD_FOLDER, \/\/ The folder to upload the image to<\/span>\n    tags<\/span>: \"avatar-image\"<\/span>, \/\/ Optionally, tags to add to the image, comma separated<\/span>\n  };\n\n  \/\/ Call the Cloudinary SDK to sign the parameters<\/span>\n  const<\/span> signature = cloudinary.utils.api_sign_request(\n    paramsToSign,\n    CLOUDINARY_API_SECRET,\n  );\n\n  \/\/ All of the following properties are needed on the frontend to perform the upload<\/span>\n  return<\/span> {\n    signature<\/span>: signature,\n    apiKey<\/span>: CLOUDINARY_API_KEY,\n    cloudName<\/span>: CLOUDINARY_CLOUD_NAME,\n    timestamp<\/span>: paramsToSign.timestamp,\n    folder<\/span>: paramsToSign.folder,\n  };\n};\n\n<\/code><\/span>Code language:<\/span> JavaScript<\/span> (<\/span>javascript<\/span>)<\/span><\/small><\/pre>\n
On the client, we\u2019ll show how this works by working on top of an imaginary Avatar<\/code> component, which provides an onClickUpload<\/code> handler called when the user wants to change their avatar. In the handler, we first invoke the server function. In the background, Next.js makes a POST request to the backend and returns the signature result object.<\/p>\n
The code is below:<\/p>\n
\"use client\"<\/span>\n\nimport<\/span> { useState } from<\/span> \"react\"<\/span>\nimport<\/span> { Home, Settings, User } from<\/span> \"lucide-react\"<\/span>\nimport<\/span> { Avatar } from<\/span> \"@\/components\/avatar\"<\/span>\nimport<\/span> { Button } from<\/span> \"@\/components\/ui\/button\"<\/span>\nimport<\/span> { generateCloudinarySignatureAction, updateUserAvatar } from<\/span> \"@\/lib\/actions\"<\/span>\n\nexport<\/span> function<\/span> Sidebar<\/span>(<\/span>) <\/span>{\n  const<\/span> [avatarUrl, setAvatarUrl] = useState<string | null<\/span>>(null<\/span>)\n  const<\/span> [isUploading, setIsUploading] = useState(false<\/span>)\n\n  const<\/span> handleAvatarUpload = async<\/span> (imageFile: File) => {\n    try<\/span> {\n      setIsUploading(true<\/span>)\n\n      \/\/ Generate a signed upload URL from Cloudinary<\/span>\n      const<\/span> signatureResult = await<\/span> generateCloudinarySignatureAction()\n\n      \/\/ Create form data for the upload<\/span>\n      const<\/span> formData = new<\/span> FormData()\n      formData.append(\"file\"<\/span>, imageFile)\n      \/\/ Alternatively, you can also read this from something like process.env.NEXT_PUBLIC_CLOUDINARY_API_KEY<\/span>\n      formData.append(\"api_key\"<\/span>, signatureResult.apiKey);\n      formData.append(\"timestamp\"<\/span>, `${signatureResult.timestamp}<\/span>`<\/span>);\n      formData.append(\"signature\"<\/span>, signatureResult.signature);\n      formData.append(\"folder\"<\/span>, signatureResult.folder);\n      formData.append(\"tags\"<\/span>, \"avatar-image\"<\/span>);\n\n      \/\/ Upload to Cloudinary<\/span>\n      const<\/span> uploadResponse = await<\/span> fetch(uploadUrl, {\n        method<\/span>: \"POST\"<\/span>,\n        body<\/span>: formData,\n      })\n\n      const<\/span> uploadResult = await<\/span> uploadResponse.json()\n\n      if<\/span> (uploadResult.secure_url) {\n        \/\/ Update the user's avatar in the database<\/span>\n        await<\/span> updateUserAvatarAction(uploadResult.secure_url)\n        setAvatarUrl(uploadResult.secure_url)\n      }\n    } catch<\/span> (error) {\n      console<\/span>.error(\"Error uploading avatar\"<\/span>, error)\n    } finally<\/span> {\n      setIsUploading(false<\/span>)\n    }\n  }\n\n  return<\/span> (\n    <div<\/span>><\/span>\n      { \/** Other components **\/ }\n      <Avatar<\/span> url<\/span>={avatarUrl}<\/span> onClickUpload<\/span>={handleAvatarUpload}<\/span> isUploading<\/span>={isUploading}<\/span> \/><\/span>\n      { \/** Other components **\/ }\n    <\/div<\/span>><\/span><\/span>\n  )\n}\n<\/code><\/span>Code language:<\/span> JavaScript<\/span> (<\/span>javascript<\/span>)<\/span><\/small><\/pre>\n
Important Points to Note<\/h2>\n
Once a signature is generated with certain parameters, it\u2019s only valid for those parameters. This is an important point to consider when making changes to the backend API. Imagine, for example, that you have a long-running frontend app that uses backend-generated signatures to upload images to a user gallery. Then, at some point, you want to introduce tagging for such images by tagging each uploaded image with gallery<\/code>. The backend is deployed, and you start seeing failed user uploads in your logs. This means some users obtained the signature from the old API and then attempted to upload. Since signatures are also used to validate that no parameters originally meant for the image were tampered with (a good security measure!), those older upload URLs are no longer valid.<\/p>\n
To avoid this, always make sure to do proper change management of your API, via API versioning, for example.<\/p>\n
Conclusion<\/h2>\n
Cloudinary\u2019s signed upload URLs are another tool you can use with Cloudinary to upload your assets. With them, image uploads aren\u2019t only restricted to backend services but can be used directly by the end-user, which securely provides speed and simplicity.<\/p>\n
Sign up for a free Cloudinary account<\/a> to try it out for yourself. Cloudinary offers a free-for-life individual access tier, so you can get all of Cloudinary forever starting today.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"","protected":false},"author":87,"featured_media":38390,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_cloudinary_featured_overwrite":false,"footnotes":""},"categories":[1],"tags":[370,264],"class_list":["post-38389","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-image","tag-security"],"acf":[],"yoast_head":"\nSecure Image Uploads With Cloudinary Signed URLs<\/title>\n<meta name=\"description\" content=\"Learn how to use the Cloudinary signed URL feature works to enable secure and fast image uploads directly from the frontend, without exposing your API secret.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cloudinary.com\/blog\/signed-urls-the-why-and-how\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Signed URLs With Cloudinary: The Why and How\" \/>\n<meta property=\"og:description\" content=\"Learn how to use the Cloudinary signed URL feature works to enable secure and fast image uploads directly from the frontend, without exposing your API secret.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cloudinary.com\/blog\/signed-urls-the-why-and-how\" \/>\n<meta property=\"og:site_name\" content=\"Cloudinary Blog\" \/>\n<meta property=\"article:published_time\" content=\"2025-09-03T14:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-07T01:14:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/res.cloudinary.com\/cloudinary-marketing\/images\/f_auto,q_auto\/v1755643233\/Signed_URLs_With_Cloudinary__The_Why_and_How-blog\/Signed_URLs_With_Cloudinary__The_Why_and_How-blog.jpg?_i=AA\" \/>\n\t<meta property=\"og:image:width\" content=\"2000\" \/>\n\t<meta property=\"og:image:height\" content=\"1100\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"melindapham\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"NewsArticle\",\"@id\":\"https:\/\/cloudinary.com\/blog\/signed-urls-the-why-and-how#article\",\"isPartOf\":{\"@id\":\"https:\/\/cloudinary.com\/blog\/signed-urls-the-why-and-how\"},\"author\":{\"name\":\"melindapham\",\"@id\":\"https:\/\/cloudinary.com\/blog\/#\/schema\/person\/0d5ad601e4c3b5be89245dfb14be42d9\"},\"headline\":\"Signed URLs With Cloudinary: The Why and How\",\"datePublished\":\"2025-09-03T14:00:00+00:00\",\"dateModified\":\"2025-11-07T01:14:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/cloudinary.com\/blog\/signed-urls-the-why-and-how\"},\"wordCount\":8,\"publisher\":{\"@id\":\"https:\/\/cloudinary.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/cloudinary.com\/blog\/signed-urls-the-why-and-how#primaryimage\"},\"thumbnailUrl\":\"https:\/\/res.cloudinary.com\/cloudinary-marketing\/images\/f_auto,q_auto\/v1755643233\/Signed_URLs_With_Cloudinary__The_Why_and_How-blog\/Signed_URLs_With_Cloudinary__The_Why_and_How-blog.jpg?_i=AA\",\"keywords\":[\"Image\",\"Security\"],\"inLanguage\":\"en-US\",\"copyrightYear\":\"2025\",\"copyrightHolder\":{\"@id\":\"https:\/\/cloudinary.com\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/cloudinary.com\/blog\/signed-urls-the-why-and-how\",\"url\":\"https:\/\/cloudinary.com\/blog\/signed-urls-the-why-and-how\",\"name\":\"Secure Image Uploads With Cloudinary Signed URLs\",\"isPartOf\":{\"@id\":\"https:\/\/cloudinary.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/cloudinary.com\/blog\/signed-urls-the-why-and-how#primaryimage\"},\"image\":{\"@id\":\"https:\/\/cloudinary.com\/blog\/signed-urls-the-why-and-how#primaryimage\"},\"thumbnailUrl\":\"https:\/\/res.cloudinary.com\/cloudinary-marketing\/images\/f_auto,q_auto\/v1755643233\/Signed_URLs_With_Cloudinary__The_Why_and_How-blog\/Signed_URLs_With_Cloudinary__The_Why_and_How-blog.jpg?_i=AA\",\"datePublished\":\"2025-09-03T14:00:00+00:00\",\"dateModified\":\"2025-11-07T01:14:16+00:00\",\"description\":\"Learn how to use the Cloudinary signed URL feature works to enable secure and fast image uploads directly from the frontend, without exposing your API secret.\",\"breadcrumb\":{\"@id\":\"https:\/\/cloudinary.com\/blog\/signed-urls-the-why-and-how#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/cloudinary.com\/blog\/signed-urls-the-why-and-how\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cloudinary.com\/blog\/signed-urls-the-why-and-how#primaryimage\",\"url\":\"https:\/\/res.cloudinary.com\/cloudinary-marketing\/images\/f_auto,q_auto\/v1755643233\/Signed_URLs_With_Cloudinary__The_Why_and_How-blog\/Signed_URLs_With_Cloudinary__The_Why_and_How-blog.jpg?_i=AA\",\"contentUrl\":\"https:\/\/res.cloudinary.com\/cloudinary-marketing\/images\/f_auto,q_auto\/v1755643233\/Signed_URLs_With_Cloudinary__The_Why_and_How-blog\/Signed_URLs_With_Cloudinary__The_Why_and_How-blog.jpg?_i=AA\",\"width\":2000,\"height\":1100,\"caption\":\"Image showing a plated croissant with the cloudinary logo and representing the Cloudinary signed URL process\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/cloudinary.com\/blog\/signed-urls-the-why-and-how#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/cloudinary.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Signed URLs With Cloudinary: The Why and How\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/cloudinary.com\/blog\/#website\",\"url\":\"https:\/\/cloudinary.com\/blog\/\",\"name\":\"Cloudinary Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/cloudinary.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/cloudinary.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/cloudinary.com\/blog\/#organization\",\"name\":\"Cloudinary Blog\",\"url\":\"https:\/\/cloudinary.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cloudinary.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/res.cloudinary.com\/cloudinary-marketing\/images\/f_auto,q_auto\/v1649718331\/Web_Assets\/blog\/cloudinary_logo_for_white_bg_1937437aa7_19374666c7_193742f877\/cloudinary_logo_for_white_bg_1937437aa7_19374666c7_193742f877.png?_i=AA\",\"contentUrl\":\"https:\/\/res.cloudinary.com\/cloudinary-marketing\/images\/f_auto,q_auto\/v1649718331\/Web_Assets\/blog\/cloudinary_logo_for_white_bg_1937437aa7_19374666c7_193742f877\/cloudinary_logo_for_white_bg_1937437aa7_19374666c7_193742f877.png?_i=AA\",\"width\":312,\"height\":60,\"caption\":\"Cloudinary Blog\"},\"image\":{\"@id\":\"https:\/\/cloudinary.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/cloudinary.com\/blog\/#\/schema\/person\/0d5ad601e4c3b5be89245dfb14be42d9\",\"name\":\"melindapham\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cloudinary.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e6f989fa97fe94be61596259d8629c3df65aec4c7da5c0000f90d810f313d4f4?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e6f989fa97fe94be61596259d8629c3df65aec4c7da5c0000f90d810f313d4f4?s=96&d=mm&r=g\",\"caption\":\"melindapham\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Secure Image Uploads With Cloudinary Signed URLs","description":"Learn how to use the Cloudinary signed URL feature works to enable secure and fast image uploads directly from the frontend, without exposing your API secret.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cloudinary.com\/blog\/signed-urls-the-why-and-how","og_locale":"en_US","og_type":"article","og_title":"Signed URLs With Cloudinary: The Why and How","og_description":"Learn how to use the Cloudinary signed URL feature works to enable secure and fast image uploads directly from the frontend, without exposing your API secret.","og_url":"https:\/\/cloudinary.com\/blog\/signed-urls-the-why-and-how","og_site_name":"Cloudinary Blog","article_published_time":"2025-09-03T14:00:00+00:00","article_modified_time":"2025-11-07T01:14:16+00:00","og_image":[{"width":2000,"height":1100,"url":"https:\/\/res.cloudinary.com\/cloudinary-marketing\/images\/f_auto,q_auto\/v1755643233\/Signed_URLs_With_Cloudinary__The_Why_and_How-blog\/Signed_URLs_With_Cloudinary__The_Why_and_How-blog.jpg?_i=AA","type":"image\/jpeg"}],"author":"melindapham","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/cloudinary.com\/blog\/signed-urls-the-why-and-how#article","isPartOf":{"@id":"https:\/\/cloudinary.com\/blog\/signed-urls-the-why-and-how"},"author":{"name":"melindapham","@id":"https:\/\/cloudinary.com\/blog\/#\/schema\/person\/0d5ad601e4c3b5be89245dfb14be42d9"},"headline":"Signed URLs With Cloudinary: The Why and How","datePublished":"2025-09-03T14:00:00+00:00","dateModified":"2025-11-07T01:14:16+00:00","mainEntityOfPage":{"@id":"https:\/\/cloudinary.com\/blog\/signed-urls-the-why-and-how"},"wordCount":8,"publisher":{"@id":"https:\/\/cloudinary.com\/blog\/#organization"},"image":{"@id":"https:\/\/cloudinary.com\/blog\/signed-urls-the-why-and-how#primaryimage"},"thumbnailUrl":"https:\/\/res.cloudinary.com\/cloudinary-marketing\/images\/f_auto,q_auto\/v1755643233\/Signed_URLs_With_Cloudinary__The_Why_and_How-blog\/Signed_URLs_With_Cloudinary__The_Why_and_How-blog.jpg?_i=AA","keywords":["Image","Security"],"inLanguage":"en-US","copyrightYear":"2025","copyrightHolder":{"@id":"https:\/\/cloudinary.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/cloudinary.com\/blog\/signed-urls-the-why-and-how","url":"https:\/\/cloudinary.com\/blog\/signed-urls-the-why-and-how","name":"Secure Image Uploads With Cloudinary Signed URLs","isPartOf":{"@id":"https:\/\/cloudinary.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cloudinary.com\/blog\/signed-urls-the-why-and-how#primaryimage"},"image":{"@id":"https:\/\/cloudinary.com\/blog\/signed-urls-the-why-and-how#primaryimage"},"thumbnailUrl":"https:\/\/res.cloudinary.com\/cloudinary-marketing\/images\/f_auto,q_auto\/v1755643233\/Signed_URLs_With_Cloudinary__The_Why_and_How-blog\/Signed_URLs_With_Cloudinary__The_Why_and_How-blog.jpg?_i=AA","datePublished":"2025-09-03T14:00:00+00:00","dateModified":"2025-11-07T01:14:16+00:00","description":"Learn how to use the Cloudinary signed URL feature works to enable secure and fast image uploads directly from the frontend, without exposing your API secret.","breadcrumb":{"@id":"https:\/\/cloudinary.com\/blog\/signed-urls-the-why-and-how#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cloudinary.com\/blog\/signed-urls-the-why-and-how"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cloudinary.com\/blog\/signed-urls-the-why-and-how#primaryimage","url":"https:\/\/res.cloudinary.com\/cloudinary-marketing\/images\/f_auto,q_auto\/v1755643233\/Signed_URLs_With_Cloudinary__The_Why_and_How-blog\/Signed_URLs_With_Cloudinary__The_Why_and_How-blog.jpg?_i=AA","contentUrl":"https:\/\/res.cloudinary.com\/cloudinary-marketing\/images\/f_auto,q_auto\/v1755643233\/Signed_URLs_With_Cloudinary__The_Why_and_How-blog\/Signed_URLs_With_Cloudinary__The_Why_and_How-blog.jpg?_i=AA","width":2000,"height":1100,"caption":"Image showing a plated croissant with the cloudinary logo and representing the Cloudinary signed URL process"},{"@type":"BreadcrumbList","@id":"https:\/\/cloudinary.com\/blog\/signed-urls-the-why-and-how#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cloudinary.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Signed URLs With Cloudinary: The Why and How"}]},{"@type":"WebSite","@id":"https:\/\/cloudinary.com\/blog\/#website","url":"https:\/\/cloudinary.com\/blog\/","name":"Cloudinary Blog","description":"","publisher":{"@id":"https:\/\/cloudinary.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cloudinary.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/cloudinary.com\/blog\/#organization","name":"Cloudinary Blog","url":"https:\/\/cloudinary.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cloudinary.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/res.cloudinary.com\/cloudinary-marketing\/images\/f_auto,q_auto\/v1649718331\/Web_Assets\/blog\/cloudinary_logo_for_white_bg_1937437aa7_19374666c7_193742f877\/cloudinary_logo_for_white_bg_1937437aa7_19374666c7_193742f877.png?_i=AA","contentUrl":"https:\/\/res.cloudinary.com\/cloudinary-marketing\/images\/f_auto,q_auto\/v1649718331\/Web_Assets\/blog\/cloudinary_logo_for_white_bg_1937437aa7_19374666c7_193742f877\/cloudinary_logo_for_white_bg_1937437aa7_19374666c7_193742f877.png?_i=AA","width":312,"height":60,"caption":"Cloudinary Blog"},"image":{"@id":"https:\/\/cloudinary.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/cloudinary.com\/blog\/#\/schema\/person\/0d5ad601e4c3b5be89245dfb14be42d9","name":"melindapham","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cloudinary.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e6f989fa97fe94be61596259d8629c3df65aec4c7da5c0000f90d810f313d4f4?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e6f989fa97fe94be61596259d8629c3df65aec4c7da5c0000f90d810f313d4f4?s=96&d=mm&r=g","caption":"melindapham"}}]}},"jetpack_featured_media_url":"https:\/\/res.cloudinary.com\/cloudinary-marketing\/images\/f_auto,q_auto\/v1755643233\/Signed_URLs_With_Cloudinary__The_Why_and_How-blog\/Signed_URLs_With_Cloudinary__The_Why_and_How-blog.jpg?_i=AA","_links":{"self":[{"href":"https:\/\/cloudinary.com\/blog\/wp-json\/wp\/v2\/posts\/38389","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudinary.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudinary.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudinary.com\/blog\/wp-json\/wp\/v2\/users\/87"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudinary.com\/blog\/wp-json\/wp\/v2\/comments?post=38389"}],"version-history":[{"count":2,"href":"https:\/\/cloudinary.com\/blog\/wp-json\/wp\/v2\/posts\/38389\/revisions"}],"predecessor-version":[{"id":39168,"href":"https:\/\/cloudinary.com\/blog\/wp-json\/wp\/v2\/posts\/38389\/revisions\/39168"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudinary.com\/blog\/wp-json\/wp\/v2\/media\/38390"}],"wp:attachment":[{"href":"https:\/\/cloudinary.com\/blog\/wp-json\/wp\/v2\/media?parent=38389"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudinary.com\/blog\/wp-json\/wp\/v2\/categories?post=38389"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudinary.com\/blog\/wp-json\/wp\/v2\/tags?post=38389"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
It\u2019s also important to note at this point that the above code shows how to upload the image manually, in case you would want to have complete control over the entire process. If you\u2019d just like to get running as soon as possible, you can also use Cloudinary\u2019s upload widget<\/a> (although the signature generation part on the backend is the same).<\/p>\n
We\u2019ll then create a FormData<\/a> object and attach the properties from the signature and the image file. We can then upload the image to Cloudinary using a plain fetch<\/code> call. The response will be an object with the secure_url<\/code> property, which contains the URL of the uploaded image. We can then send this URL to the backend or use it to update the client\u2019s avatar immediately.<\/p>\n