You can now generate time-bound signed URLs for Vercel Blob. A signed URL is a scoped URL with an expiry that allows you to upload, download, inspect, or delete a specific object without giving access to your entire Blob store.
Each URL is scoped to a single operation (
Upload URLs (
Delete URLs accept an
Signed URLs work alongside OIDC. Your server authenticates to Blob via OIDC, generates a signed token, and produces narrowly scoped, time-bound URLs for the browser, so your long-lived
Update
Read more
Continue reading...
Each URL is scoped to a single operation (
put, get, head, or delete), a single pathname, and an expiry you choose, up to 7 days. The signature covers the operation and constraints, so a URL signed for a GET can't be reused as a PUT.Direct uploads from the browser
Upload URLs (
put) support multipart, so the browser can stream large files straight to Blob storage without round-tripping through your server.Conditional deletes
Delete URLs accept an
ifMatch option so the delete only applies if the object hasn't been overwritten since you signed the URL:Signed URLs work alongside OIDC. Your server authenticates to Blob via OIDC, generates a signed token, and produces narrowly scoped, time-bound URLs for the browser, so your long-lived
BLOB_READ_WRITE_TOKEN never leaves the server.Update
@vercel/blob to 2.4.0 and read the documentation to get started.Read more
Continue reading...