1. Media Upload
TrustWILL
  • Reviews Widget Integration
  • Reviews Data API
    • Trustoo Open API — Quick Start
    • OAuth2
      • OAuth2 Merchant Authorization
      • Get OAuth2 Authorization URL
      • OAuth2 Get / Refresh Access Token
      • Revoke Token
    • Platform Management
      • Disconnect Platform Authorization
      • Get Shop Authorization Info
      • Get Shop Installation Status
      • Cancel Platform Authorization
    • Webhooks
      • Create Shop Webhook
      • Update Shop Webhook
      • Delete Shop Webhook
      • Get Shop Webhooks
    • Reviews
      • Get Review Detail
      • Get Review List
      • Create Review
      • Delete Review
      • Get Rating
    • Media Upload
      • Get Video Upload URL
        GET
      • Get Image Upload Credentials
        GET
    • Orders
      • Get Order List
    • Customer Events
      • Get Customer Event List
    • Customers
      • Email Unsubscribe
      • Create Customer Exclusion
      • Delete Customer Exclusion
      • Get Customer Exclusion List
  • Schemas
    • SuccessResponse
    • ErrorResponse
    • Pagination
    • OAuthTokenRequest
    • Webhook
    • CreateReviewRequest
    • Review
    • Rating
    • Order
    • CustomerEvent
    • CustomerExclusion
    • ImageUploadCredentials
  1. Media Upload

Get Image Upload Credentials

GET
/api/v1/openapi/get_image_upload_policy_token
Obtain temporary OSS (Object Storage Service) direct-upload credentials. The frontend uses these credentials to upload images directly to cloud storage without exposing the AccessKey Secret.
Authentication: HMAC signature OR OAuth2 Bearer Token
Scope: write_reviews
Upload workflow:
1.
Call this API to get temporary credentials (access_id, policy, signature, host, dir, callback)
2.
Construct a FormData with: file, key (dir + filename), policy, OSSAccessKeyId, Signature, callback
3.
POST multipart/form-data to the host URL
4.
Storage service validates and stores the file
5.
Storage service sends HTTP callback to backend with file metadata

Request

Authorization
API Key
Add parameter in header
Public-Token
Example:
Public-Token: ********************
or
Bearer Token
Provide your bearer token in the
Authorization
header when making requests to protected resources.
Example:
Authorization: Bearer ********************
or

Request Code Samples

Shell
JavaScript
Java
Swift
Go
PHP
Python
HTTP
C
C#
Objective-C
Ruby
OCaml
Dart
R
Request Request Example
Shell
JavaScript
Java
Swift
curl --location 'https://rapi.trustoo.io/api/v1/openapi/get_image_upload_policy_token' \
--header 'Public-Token: <api-key>'

Responses

🟢200
application/json
Upload credentials
Bodyapplication/json

Example
{
    "code": 0,
    "message": "success",
    "time": 1781682923,
    "request_id": "04f73c24705b268ea17e8c01162cbae9",
    "data": {
        "access_id": "LTAI5tJqd6B1z8tmLK1xrosd",
        "host": "https://img.trustoo.io",
        "expire": "1781682923",
        "signature": "rpRzkj3yGObVuqwzcHhc93ca9pU=",
        "policy": "eyJleHBpcmF0aW9uIjoiMjAyNi0wNi0xN1QwNzo1NToyM1oiLCJjb25kaXRpb25zIjpbWyJzdGFydHMtd2l0aCIsIiRrZXkiLCJ0ZXN0NzkxOTg0ODY3ODQvMjAyNi82LzE3LyJdXX0=",
        "dir": "test79198486784/2026/6/17/",
        "callback": "eyJjYWxsYmFja1VybCI6IiIsImNhbGxiYWNrQm9keSI6ImZpbGVuYW1lPSR7b2JqZWN0fS4uLn0="
    }
}
Modified at 2026-06-24 04:25:21
Previous
Get Video Upload URL
Next
Get Order List
Built with