Signed URLs

Learn how to use signed URLs to access data hosted by cloud providers.

In addition to IAM delegated access, you can use signed URLs (also known as presigned URLs or shared access signatures) to add datasets to Labelbox.

Signed URLs

Signed URLs permit access to resources without requiring updates to policies or other configuration settings. These URLs are usually temporary and only valid for a limited period. Cloud providers generate a hash value for each signed URL to authenticate access requests. If the hash value is missing or expired, access to the resource is denied.

Here's an example signed URL with an access token generated by the server hosting the file as the hash value:

http://example.com/filename?hash=DMF1ucDxtqgxwYQ==

Generate signed URLs

Each provider generates signed URLs differently. Refer to the documentation of the cloud provider you use for more information, such as:

📘

Security Measures

Although some cloud providers let you limit signed URLs to specific IP addresses or address blocks, we recommend using other security measures, such as a short-lived expiration time, to avoid issues in processing assets.

Related info