Skip to main content

Overview

The delegate-upload endpoint allows your Platform to generate secure, short-lived JWT tokens for your merchants’ frontend upload widgets (Uppy). This enables direct browser-to-storage uploads while maintaining proper attribution and billing.
Delegated tokens expire after 5 minutes by default. Request a fresh token for each upload session.

Endpoint

Authentication

This endpoint requires your Platform API key in the Authorization header:
Never expose your Platform API key in frontend code. The delegate-upload call must be made from your backend.

Request Body

Example Request

Response

token
string
required
Short-lived JWT token for Uppy authentication
expires_at
string
required
ISO 8601 timestamp when the token expires

Example Response

JWT Token Claims

The generated token contains claims that are used for attribution and billing:
The same delegation token is used for both the TUS upload and the subsequent processing request. This simplifies your integration since one token handles the entire flow.

Usage Flow

1

Merchant Initiates Upload

Your merchant clicks an upload button in your frontend application.
2

Request Delegation Token

Your backend calls the delegate-upload endpoint with the merchant’s ID.
3

Pass Token to Frontend

Send the JWT token to your frontend Uppy widget.
4

Configure Uppy

Your frontend configures Uppy with the delegation token.
5

Direct Upload

Uppy uploads the file directly to our TUS server using the token for authentication. After the upload completes, Uppy returns the file URL.
6

Call Processing Endpoint

Your frontend calls the verify-pot-sizes endpoint with the same delegation token and the uploaded file URL.
7

Receive Enriched Data

The API fetches the file internally, processes it, bills the merchant (from the JWT), and returns enriched data directly in the response. See Verify Pot Sizes from Upload for the full response schema.

Error Responses

Best Practices

Don’t pre-fetch tokens. Request a fresh token when the user is ready to upload to ensure it doesn’t expire mid-upload.
If an upload fails due to token expiration, request a new token and retry. Uppy supports automatic retry with updated headers.
Use your internal user/merchant ID consistently. This ID is used for billing aggregation and usage tracking.