Signed URLs
Learn how to use signed URLs to access data hosted by cloud providers.
In addition to IAM delegated access, you can use signed URLs (also known as presigned URLs or shared access signatures) to add datasets to Labelbox.
Signed URLs
Signed URLs permit access to resources without requiring updates to policies or other configuration settings. These URLs are usually temporary and only valid for a limited period. Cloud providers generate a hash value for each signed URL to authenticate access requests. If the hash value is missing or expired, access to the resource is denied.
Here's an example signed URL with an access token generated by the server hosting the file as the hash value:
http://example.com/filename?hash=DMF1ucDxtqgxwYQ==
Generate signed URLs
Each provider generates signed URLs differently. Refer to the documentation of the cloud provider you use for more information, such as:
- Amazon Web Services (AWS) Simple Storage Service (S3):
- Working with presigned URLs (AWS docs)
- Sharing objects with presigned URLs (AWS docs)
- Google Cloud Storage:
- Signed URLs (Google Cloud docs)
- Microsoft Azure Storage:
Security Measures
Although some cloud providers let you limit signed URLs to specific IP addresses or address blocks, we recommend using other security measures, such as a short-lived expiration time, to avoid issues in processing assets.
Related info
- See Cloud storage integrations to learn more about IAM delegated access,.
- See Configure CORS for setting up cross origin resource sharing (CORS),.
- See Webhooks to learn how to set up and manage an endpoint for Labelbox.
Updated 2 days ago