Signing CldUploadWidget Uploads

Signing requests is an easy way to provide enhanced security for your file uploads. This helps deter people from making unauthenticated uploads to your cloud.

Configuring Signed Uploads

Setting up CldUploadWidget to sign uploads is as simple as passing an API endpoint as a prop:

<script>
	import { CldUploadWidget } from 'svelte-cloudinary';
</script>

<CldUploadWidget signatureEndpoint="<API Endpoint (ex: /api/sign-cloudinary-params)>" let:open>
	<button on:click={open}> Upload an Image </button>
</CldUploadWidget>

However, that API endpoint needs to return a specific shape in order to properly communicate with the CldUpload Widget.

API Endpoint to Sign Requests

When working in SvelteKit, we gain access to a server environment through both somewhat traditional means and serverless functions.

This means, we can use the Cloudinary Node SDK in order to easily sign our requests.

To start off, install the Cloudinary Node SDK with:

npm install cloudinary

In order to sign our requests, we’ll need to use our Cloudinary API Key and Secret, so set additional environment variables:

VITE_PUBLIC_CLOUDINARY_API_KEY="<Your API Key>"
CLOUDINARY_API_SECRET="<Your API Secret>"

Then, we want to create a new API endpoint, using a +server.js file.

import { v2 as cloudinary } from "cloudinary";
import { env } from '$env/dynamic/private';
import { error, json } from "@sveltejs/kit";

export const POST = (async ({ request }) => {
	const body = await request.json()
	const { paramsToSign } = body;
	try {
		const signature = cloudinary.utils.api_sign_request(
			paramsToSign,
			env.CLOUDINARY_API_SECRET
		);
		return json({ signature })
	} catch (e) {
		console.error(e)
		throw error(500, (e as Error).message)
	}
});