Generate scoped, operation-specific signed URLs (get/put/head/delete) with expiry up to 7 days to enable direct browser uploads and conditional deletes without exposing credentials.
June 3, 2026
Summary
Eliminates server round-trips for file uploads by streaming directly from browser to Blob storage, and keeps long-lived tokens server-side while issuing narrow, expiring URLs to clients. Reduces attack surface for file operations.
Why it matters
Eliminates server round-trips for file uploads by streaming directly from browser to Blob storage, and keeps long-lived tokens server-side while issuing narrow, expiring URLs to clients. Reduces attack surface for file operations.
Implementation verdict
Replaces custom pre-signed URL logic if you're building it yourself. Requires @vercel/blob ≥2.4.0 and a server endpoint to generate tokens (OIDC-backed). Ready to use now; multipart PUT and conditional DELETE (ifMatch) work out of the box.
Sources
Dev Signal
Get briefs like this in your inbox — free, every weekday.
100+ sources compressed into one 4-minute read. Ranked, cited, implementation-ready.