<?xml version="1.0"?>
<query>
    <userid>[UserID]</userid> <!-- required-->
    <userkey>[UserKey]</userkey> <!-- required-->
    <action>[Action]</action> <!-- required-->
    <source>[SourceFile]</source> <!-- required-->
    <format>
        <output>[OutputFormat]</output> <!-- required-->
        <destination>[DestinationPath]</destination>
    </format>
</query>

{
    "query": {
        "userid": "[UserID]", // required
        "userkey": "[UserKey]", // required
        "action": "[Action]", // required
        "source": "[SourceFile]", // required
        "format": {
            "output": "[OutputFormat]", // required
            "destination": "[DestinationPath]"
        }
    }
}

Destination Type	Description
FTP / SFTP	• ftp://[user[:password]@]hostname[:port]/[path]/[?passive=yes] • sftp://[user[:password]@]hostname[:port]/[path]/[filename]
Amazon Web Services (S3)	• http(s)://[bucket].s3.amazonaws.com/[filename]?X-Amz-Algorithm=[Algorithm]&X-Amz-Credential=[Credential]&X-Amz-Date=[Date]&X-Amz-Expires=[Expires]&X-Amz-SignedHeaders=[Headers]&X-Amz-Signature=[Signature] — Pre-signed S3 Url. • http(s)://[bucket].s3.amazonaws.com/[?acl=public-read \\| authenticated-read]&canonical_id=AWS_CANONICAL_USER_ID — If you specify AWS canonical user ID in the URL, FULL_CONTROL on the object will be granted to the specified user. • http(s)://[bucket].s3.amazonaws.com/[?acl=public-read \\| authenticated-read]&content_type=your-own/content-type — If you specify Content type, then Amazon will add appropriate Content-type header when the object is accessed via the web. • http(s)://[bucket].s3.amazonaws.com/[?acl=public-read \\| authenticated-read]&content_disposition=attachment[;%20filename=”file.ext”] — If you specify Content disposition, then Amazon will add appropriate Content-Disposition header when the object is accessed via the web. • http(s)://[bucket].s3.amazonaws.com/[?acl=public-read \\| authenticated-read] — If you need your S3 files to be accessed with your own AWS credentials, add your AWS key/secret to the URL. • Also, you can add ?acl=public-read OR ?acl=authenticated-read after the filename. This will explicitly set access rights to the saved object instead of the default settings. • http(s)://[bucket].s3.amazonaws.com/[filename]?cache_control=[string] — cache_control – Can be used to specify caching behavior along the request/reply chain. • http(s)://[bucket].s3.amazonaws.com/[filename]?expires=[string] — expires – The date and time at which the object is no longer cacheable. • http(s)://[bucket].s3.amazonaws.com/[filename]?extension_content_type[[extension]]=[content\Type] — If the output format implies multiple files (e.g. HLS) you could specify which content type to use for files with particular extension. • http(s)://[bucket].s3.amazonaws.com/[filename]?assume_role=[AssumedRoleUser] — Assume Role for specified user. • http(s)://[bucket].s3.amazonaws.com/[filename]?storage_class=[STANDARD \| REDUCED_REDUNDANCY \| INTELLIGENT_TIERING][STANDARD \
Rackspace Cloud Files	• http(s)://[RS_USER:RS_KEY@][RS_USER:RS_KEY@]storage.cloudfiles.com/[path]/[filename] — Virtual URL for Cloud Files • http(s)://storage4.clouddrive.com/v1/MossoCloudFS_cea19775-aa94-4d78-8da9-1a7b4bbbd548/container_name/file.ext?auth-token=c2633419-7b79-3d58-8417-d63666dddfd5 — Real URL for Cloud Files like this if you were authenticated yourself recently
Aspera Server	• fasp://[user[:password]@]hostname[:port]/[path]/[filename]
Akamai NetStorage HTTP API	• http(s)://[Key-Name]:[Key]@[Connection-Host]/[Root-Directory]/[Filename]
Akamai HLS Ingest	• http(s)://post.[Account].akamaihd.net/[StreamID]/[StreamName]/playlist.m3u8 — You can read full instructions how to use Akamai Ingest at our Knowledge Base.
Microsoft Azure Blob	• http(s)://[access_key]@[account].blob.core.windows.net/[container]/[path] • http(s)://[account].blob.core.windows.net/[container]/[path]?sig=[Signature]&se=[SignedExpiry]&sv=[SignedVersion]&sp=[SignedPermissions]&sr=[SignedResource]
OpenStack Cloud Storage	URL for Oracle cloud storage: • http(s)://[user[:password]@]storage.[region].oraclecloud.com/v1/[service-endpoint]/[container]/[object] Swift tempauth(v1) • swift://[user[:password]@]hostname[:port]/v1/[tenant]/[container]/[object] Swift identity (v2.0) • swift://[user[:password]@]hostname[:port]/v2.0/[tenant]/[container]/[object]
S3 NetApp	• s3://[AccessKey[:SecretKey]@]hostname[:Port]/[Object]
Wasabi S3	• s3://[AccessKey[:SecretKey]@]s3.wasabisys.com/[Bucket]/[Object]
Backblaze S3	• s3://[AccessKey[:SecretKey]@]s3.[Region].backblazeb2.com/[Bucket]/[Object]

Pre-Signed Amazon AWS S3 URL query parameters

Parameter	Description
X-Amz-Algorithm	Signature algorithm.
X-Amz-Credential	Access Key and Scope
X-Amz-Date	Signature date in format "_yyyyMMdd_T_HHmmss_Z"
X-Amz-Expires	Expiration time in seconds
X-Amz-SignedHeaders	Headers list separated with ";" sign
X-Amz-Signature	Signature hash

Pre-Signed Microsoft Azure Blob URL query parameters

Parameter	Description
sig	Signature hash
se	Signature expiration date in one of the ISO 8601 UTC formats
sv	Signature service version
sp	Permitted operations on the signed blob resource. Permissions may be combined.
sr	Signed blob resource type

👍
For FTP URL
Adding ?passive=yes to the FTP URL forces downloader/uploader to use Passive Mode for FTP transfer. Many FTP services require the use of passive FTP due to firewalling.
Also, you can specify ?passive=no (the default) explicitly.

👍
For Amazon S3

Do not forget to URL encode your AWS_SECRET, in particular, replacing '/' with '%2F'. This is necessary for legacy compatibility with the platform, and should be performed in addition to the urlencode of the entire XML or JSON request when POSTing to the API endpoint.

If you don't specify AWS key/secret, the bucket must have READ and WRITE permissions for:

AWS user: 1a85ad8fea02b4d948b962948f69972a72da6bed800a7e9ca7d0b43dc61d5869

Account ID: "AWS": "456240961796"

ARN ID: arn:aws:iam::456240961796:root

See Amazon S3 ACL for more details.

See Percent-encoding for more details on URLencoding.

Using specific S3 endpoints:
To use a specific S3 endpoint/region, replace ‘s3.amazonaws.com‘ in your S3 URL with one of the following:

us-east-1 — s3-external-1.amazonaws.com

us-east-2 — s3-us-east-2.amazonaws.com

us-west-2 — s3-us-west-2.amazonaws.com

us-west-1 — s3-us-west-1.amazonaws.com

ca-central-1 — s3-ca-central-1.amazonaws.com

eu-west-1 — s3-eu-west-1.amazonaws.com

eu-west-2 — s3-eu-west-2.amazonaws.com

eu-west-3 — s3-eu-west-3.amazonaws.com

eu-central-1 — s3-eu-central-1.amazonaws.com

ap-southeast-1 — s3-ap-southeast-1.amazonaws.com

ap-southeast-2 — s3-ap-southeast-2.amazonaws.com

ap-northeast-1 — s3-ap-northeast-1.amazonaws.com

ap-northeast-2 — s3-ap-northeast-2.amazonaws.com

ap-south-1 — s3-ap-south-1.amazonaws.com

sa-east-1 — s3-sa-east-1.amazonaws.com

👍
For Aspera Transfers
To use private key for Aspera authentication you can use SetHostKey in your API request to authenticate with an SSH key.

📘
For Assume Role
Please use the following ARN arn:aws:iam::456240961796:root as a Principal in your Assume Role policy settings.
JSON policy: { "Sid": "__console_pub_0", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::456240961796:root" }, "Action": "sts:AssumeRole" }

🚧
For Assume Role
You can use ExternalID when accessing your S3 using AssumeRole.
To do that, please visit Account page in the UI, in the section "AWS Assume Role External ID" generate new External ID or copy existing one, and then set up your AssumeRole policy so that it requires ExternalID.