<?xml version="1.0"?>
<query>
<userid>[UserID]</userid> <!-- required-->
<userkey>[UserKey]</userkey> <!-- required-->
<action>[Action]</action> <!-- required-->
<source>[SourceFile]</source> <!-- required-->
<format>
<output>[OutputFormat]</output> <!-- required-->
<destination>[DestinationPath]</destination>
</format>
</query>
{
"query": {
"userid": "[UserID]", // required
"userkey": "[UserKey]", // required
"action": "[Action]", // required
"source": "[SourceFile]", // required
"format": {
"output": "[OutputFormat]", // required
"destination": "[DestinationPath]"
}
}
}
| Destination Type | Description |
|---|---|
| FTP / SFTP | • ftp://[user[:password]@]hostname[:port]/[path]/[filename][?passive=yes] • sftp://[user[:password]@]hostname[:port]/[path]/[filename] |
| Amazon Web Services (S3) | • http(s)://[bucket].s3.amazonaws.com/[filename]?X-Amz-Algorithm=[Algorithm]&X-Amz-Credential=[Credential]&X-Amz-Date=[Date]&X-Amz-Expires=[Expires]&X-Amz-SignedHeaders=[Headers]&X-Amz-Signature=[Signature] — Pre-signed S3 Url. • http(s)://[bucket].s3.amazonaws.com/[filename][?acl=public-read \| authenticated-read]&canonical_id=AWS_CANONICAL_USER_ID — If you specify AWS canonical user ID in the URL, FULL_CONTROL on the object will be granted to the specified user. • http(s)://[bucket].s3.amazonaws.com/[filename][?acl=public-read \| authenticated-read]&content_type=your-own/content-type — If you specify Content type, then Amazon will add appropriate Content-type header when the object is accessed via the web. • http(s)://[bucket].s3.amazonaws.com/[filename][?acl=public-read \| authenticated-read]&content_disposition=attachment[;%20filename=”file.ext”] — If you specify Content disposition, then Amazon will add appropriate Content-Disposition header when the object is accessed via the web. • http(s)://[AWS_KEY:AWS_SECRET@][bucket].s3.amazonaws.com/[filename][?acl=public-read \| authenticated-read] — If you need your S3 files to be accessed with your own AWS credentials, add your AWS key/secret to the URL. • Also, you can add ?acl=public-read OR ?acl=authenticated-read after the filename. This will explicitly set access rights to the saved object instead of the default settings. • http(s)://[bucket].s3.amazonaws.com/[filename]?cache_control=[string] — cache_control – Can be used to specify caching behavior along the request/reply chain. • http(s)://[bucket].s3.amazonaws.com/[filename]?expires=[string] — expires – The date and time at which the object is no longer cacheable. • http(s)://[bucket].s3.amazonaws.com/[filename]?extension_content_type[[extension]]=[content\Type] — If the output format implies multiple files (e.g. HLS) you could specify which content type to use for files with particular extension. • http(s)://[bucket].s3.amazonaws.com/[filename]?assume_role=[AssumedRoleUser] — Assume Role for specified user. • http(s)://[bucket].s3.amazonaws.com/[filename]?storage_class=[STANDARD | REDUCED_REDUNDANCY | INTELLIGENT_TIERING] — specify S3 storage class. If not specified, default is STANDARD. |
| Rackspace Cloud Files | • http(s)://[RS_USER:RS_KEY@]storage.cloudfiles.com/[path]/[filename] — Virtual URL for Cloud Files • http(s)://storage4.clouddrive.com/v1/MossoCloudFS_cea19775-aa94-4d78-8da9-1a7b4bbbd548/container_name/file.ext?auth-token=c2633419-7b79-3d58-8417-d63666dddfd5 — Real URL for Cloud Files like this if you were authenticated yourself recently |
| Aspera Server | • fasp://[user[:password]@]hostname[:port]/[path]/[filename] |
| Akamai NetStorage HTTP API | • http(s)://[Key-Name]:[Key]@[Connection-Host]/[Root-Directory]/[Filename] |
| Akamai HLS Ingest | • http(s)://post.[Account].akamaihd.net/[StreamID]/[StreamName]/playlist.m3u8 — You can read full instructions how to use Akamai Ingest at our Knowledge Base. |
| Microsoft Azure Blob | • http(s)://[access_key]@[account].blob.core.windows.net/[container]/[path] • http(s)://[account].blob.core.windows.net/[container]/[path]?sig=[Signature]&se=[SignedExpiry]&sv=[SignedVersion]&sp=[SignedPermissions]&sr=[SignedResource] |
| OpenStack Cloud Storage | URL for Oracle cloud storage: • http(s)://[user[:password]@]storage.[region].oraclecloud.com/v1/[service-endpoint]/[container]/[object] Swift tempauth(v1) • swift://[user[:password]@]hostname[:port]/v1/[tenant]/[container]/[object] Swift identity (v2.0) • swift://[user[:password]@]hostname[:port]/v2.0/[tenant]/[container]/[object] |
| S3 NetApp | • s3://[AccessKey[:SecretKey]@]hostname[:Port]/[Object] |
| Wasabi S3 | • s3://[AccessKey[:SecretKey]@]s3.wasabisys.com/[Bucket]/[Object] |
| Backblaze S3 | • s3://[AccessKey[:SecretKey]@]s3.[Region].backblazeb2.com/[Bucket]/[Object] |
Pre-Signed Amazon AWS S3 URL query parameters
| Parameter | Description |
|---|---|
| X-Amz-Algorithm | Signature algorithm. |
| X-Amz-Credential | Access Key and Scope |
| X-Amz-Date | Signature date in format "_yyyyMMdd_T_HHmmss_Z" |
| X-Amz-Expires | Expiration time in seconds |
| X-Amz-SignedHeaders | Headers list separated with ";" sign |
| X-Amz-Signature | Signature hash |
Pre-Signed Microsoft Azure Blob URL query parameters
| Parameter | Description |
|---|---|
| sig | Signature hash |
| se | Signature expiration date in one of the ISO 8601 UTC formats |
| sv | Signature service version |
| sp | Permitted operations on the signed blob resource. Permissions may be combined. |
| sr | Signed blob resource type |
For FTP URL
Adding ?passive=yes to the FTP URL forces downloader/uploader to use Passive Mode for FTP transfer. Many FTP services require the use of passive FTP due to firewalling.
Also, you can specify ?passive=no (the default) explicitly.
For Amazon S3
Do not forget to URL encode your AWS_SECRET, in particular, replacing '/' with '%2F'. This is necessary for legacy compatibility with the platform, and should be performed in addition to the urlencode of the entire XML or JSON request when POSTing to the API endpoint.
If you don't specify AWS key/secret, the bucket must have READ and WRITE permissions for:
- AWS user: 1a85ad8fea02b4d948b962948f69972a72da6bed800a7e9ca7d0b43dc61d5869
- Account ID: "AWS": "456240961796"
- ARN ID: arn:aws:iam::456240961796:root
See Amazon S3 ACL for more details.
See Percent-encoding for more details on URLencoding.
Using specific S3 endpoints:
To use a specific S3 endpoint/region, replace ‘s3.amazonaws.com‘ in your S3 URL with one of the following:
- us-east-1 — s3-external-1.amazonaws.com
- us-east-2 — s3-us-east-2.amazonaws.com
- us-west-2 — s3-us-west-2.amazonaws.com
- us-west-1 — s3-us-west-1.amazonaws.com
- ca-central-1 — s3-ca-central-1.amazonaws.com
- eu-west-1 — s3-eu-west-1.amazonaws.com
- eu-west-2 — s3-eu-west-2.amazonaws.com
- eu-west-3 — s3-eu-west-3.amazonaws.com
- eu-central-1 — s3-eu-central-1.amazonaws.com
- ap-southeast-1 — s3-ap-southeast-1.amazonaws.com
- ap-southeast-2 — s3-ap-southeast-2.amazonaws.com
- ap-northeast-1 — s3-ap-northeast-1.amazonaws.com
- ap-northeast-2 — s3-ap-northeast-2.amazonaws.com
- ap-south-1 — s3-ap-south-1.amazonaws.com
- sa-east-1 — s3-sa-east-1.amazonaws.com
For Aspera Transfers
To use private key for Aspera authentication you can use SetHostKey in your API request to authenticate with an SSH key.
For Assume Role
Please use the following ARN arn:aws:iam::456240961796:root as a Principal in your Assume Role policy settings.
JSON policy:{ "Sid": "__console_pub_0", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::456240961796:root" }, "Action": "sts:AssumeRole" }
For Assume Role
You can use ExternalID when accessing your S3 using AssumeRole.
To do that, please visit Account page in the UI, in the section "AWS Assume Role External ID" generate new External ID or copy existing one, and then set up your AssumeRole policy so that it requires ExternalID.