5

I see examples and manuals of uploading files to Supabase Storage for all client libraries, but no complete information for plain HTTP protocol (say, using curl).

Both the Supabase Storage API's Reference Manual and Swagger UI documentation describe the API in detail, but miss one important detail: the base URL to use.

Improve this question

1 Answer 1

Reset to default
7

What you need:

  1. You created a bucket. Use its name in place of {bucket} below.
  2. You created a RLS policy for table storage.objects that allows INSERT for authenticated users.
  3. You have the reference ID of your project at hand. When hosting on supabase.com, that is the subdomain part of the URLs used for all your API requests. Use it in place of {ref} below.
  4. You have the anon role API key for your project. Use it instead of {anon-key} below.
  5. You have a currently valid JWT token for your user. Use it in place of {bearer-auth-token} below.
  6. You have a file you want to upload, with an absolute path like /path/to/file.ext. Use that absolute path in place of {path-and-filename.ext} below, and use the filename and extension in place of {filename.ext} below.

Now, a working upload command would look like this:

curl \
  -X POST "https://{ref}.supabase.co/storage/v1/object/{bucket}/{filename.ext}" \
  --data-binary "@{path-and-filename.ext}" \
  -H "apikey: {anon-key}" \
  -H "Authorization: Bearer {bearer-auth-token}"

Notes:

  • The URL path must be prefixed with storage/v1/. This is the part I had to test / reverse engineer. The manual still mentions apiv0/, which is outdated, and also misses to mention the storage/ prefix. The Swagger UI docs mentions neither storage/ nor v1/, but both are required.

  • In the request URL https://{ref}.supabase.co/storage/v1/object/{bucket}/{filename.ext} you can actually set {filename.ext} to any filename with extension that you want to use to save the file server-side. It does not have to be the same as the file's local filename. You can even include any path you like.

  • On success, the result will be a JSON object {"Key": "{bucket}/{filename.ext}"} with the values you used in the request URL. This is the key to identify the uploaded file server-side when you want to download, move it etc..

  • Since path and filename serve as the key to identify the file, trying to upload a file with the same path and filename into the same bucket will result in an error {"statusCode": "409", "error": "Duplicate", "message": "The resource already exists"}.

Improve this answer
3
  • From where i will get the JWT token? Supabase configuration settings does not have JWT and i am not using Supabase SDK. I am trying to upload file to supabase from Apache Nifi
    – dd619
    Mar 1 at 5:10
  • This is how to get the JWT: github.com/orgs/supabase/discussions/4312
    – brew
    Mar 21 at 12:59
  • 1
    For non-public purposes, a service key can be used in place of the bearer-auth-token. This does not seem to require the anon-key and RLS configuration. I was able to upload to Supabase Storage this way. Many thanks.
    – Mark Johnson
    Apr 4 at 6:12

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Not the answer you're looking for? Browse other questions tagged or ask your own question.