Storage
Upload files from any SDK. Per-bucket retention, signed URLs, cascade-on-user-delete.
Upload images, documents, and other assets from any SDK with one call. Each file is stored against the signed-in user and surfaced via a CDN URL. Buckets are configured server-side with retention policies; assets are automatically removed when the owning user is deleted.
The client SDKs expose two shapes over the same three-step flow (register → PUT the bytes → finalize): a one-call upload({ bucket, file }) that runs all three for you, and an explicit presign + commit pair for when you want to control the PUT yourself (upload through your own server, apply pre-upload validation, or run the transfer in the background).
Quick start
Operations
One-call upload (upload)
Available on platforms where the SDK can directly hold the file body (Web, React Native, Swift). Encapsulates the full presign → PUT → commit flow. Use this when the customer is uploading directly from their device.
Two-phase: presign + commit (server-side only)
Use when the upload must flow through your own server (validation, virus scanning, content rewriting), or when you want to control the PUT yourself. Available on every SDK, including web. upload() is the same three steps run for you in one call.
Patterns
Per-user avatars
Buckets aren't user-scoped on the server, but every asset's user_id is stamped from the session. The CDN URL is public; if you want privacy-by-design, point clients at the asset id and gate URL issuance through a server function.
Retention
Pass retentionDays at upload to override the bucket's default. Assets pass their retention deadline are removed by a background sweeper.
Cascade on user delete
When a user is deleted (via the admin API), every asset they own across every bucket is queued for purge. No additional work needed in your app.
Limits
- Max upload size: 50 MB for the default
mediabucket. Other buckets carry their own cap, configurable via the admin API. - Supported MIME types: each bucket has an allow-list. The default
mediabucket allows common image, video, and audio types (image/jpeg,image/png,image/webp,image/gif,video/mp4,video/webm,video/quicktime,video/x-m4v,audio/mpeg,audio/aac,audio/ogg,audio/mp4). AmimeTypeoutside the list is rejected with a400. The server records what you declare; it doesn't transcode or validate content. - CDN edge cache: asset responses cache at the CDN for ~5 minutes by default.
- Buckets are pre-created: defined via the admin API (
POST /admin/projects/:projectId/storage/bucketswith{ "name": "avatars", "public": true }) before the client can upload. - Per-asset metadata: only the SDK-supplied fields (
bucket,filename,mimeType,sizeBytes,retentionDays) are first-class. For custom metadata, attach it to a collection row referencingasset_id.
Reference
- Client API — media — presign + commit endpoints.
- Bucket creation + policy management:
POST/GET/PATCH/DELETE /admin/projects/:projectId/storage/buckets[/:name]. Bucket responses includebucket_path(the URL path segment assets are served under; defaults to the bucket name). The legacyr2_bucket_pathfield is a deprecated alias ofbucket_path— still accepted on create and emitted in responses for back-compat, but new integrations should usebucket_path. - Auth feature — prerequisite.
- Per-platform quickstarts: Web, Node, iOS, Android, Flutter, Unity.