App Server¶

Required Endpoints¶

Get Token¶

Your application server should provide an endpoint to generate JWT tokens for uploads. The endpoint should accept a request with the file ID(s) and return a JWT token for each id.

This enpoint is called by your client (e.g. a web app), so you are control of the exact details and which information you want to send.

Example¶

POST /api/your-app/files {ids: [123, 345] }

would return

{
  123: {fileId: 'urn:uuid:abcd', token: 'eyJhb...'},
  345: {fileId: 'urn:uuid:efgh', token: 'eyJhb...'}
}

Report Upload¶

TODO: this will be called by Blöbbu. Exact details tbd

Example¶

PUT /api/your-app/files/urn:uuid:abcd

JWT Generation¶

Blöbbu expects a JWT token in the Authorization header with the Bearer scheme for each upload request. The token should contain the necessary information for Blöbbu to validate the upload.

The JWT token should be signed using a private key known only to your application server (e.g., using RS256 algorithm). Blöbbu validates the JWT token using the corresponding public key.

Required Claims¶

The JWT must include the following claims:

• sub: The unique identifier for the file (e.g., a URN/GUID/UUID).
• exp: Expiration timestamp.
• allowedFileSize: Maximum size in bytes that the client is allowed to upload.

Demo Project¶