> ## Documentation Index
> Fetch the complete documentation index at: https://docs.closient.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get presigned S3 upload URL

> Generate a presigned POST URL for direct-to-S3 photo upload.



## OpenAPI

````yaml /openapi/openapi-scanner.json get /scanner/api/v1/sessions/{session_id}/presigned-upload-url
openapi: 3.1.0
info:
  title: Scanner API
  version: 1.0.0
  description: >
    Barcode and product scanning with vision extraction.


    ## Authentication


    All endpoints require an API key passed via the `X-API-Key` HTTP header,
    unless otherwise noted.


    ```

    X-API-Key: csb_<body>_<checksum>

    ```


    Generate API keys in **Settings > API Keys** in your dashboard, or via the
    Account API.

    Session-based (cookie) authentication is also accepted for browser-based
    access.


    ## Rate Limits


    | Tier        | Requests / minute | Requests / day |

    |-------------|-------------------|----------------|

    | Default     | 300               | 10,000         |

    | Custom      | Contact us        | Contact us     |


    Rate-limit headers are included on every response so callers can
    self-throttle without

    hitting our 429s ("informed governor"):


    - `RateLimit-Policy` — every active window, e.g. `300;w=60, 10000;w=86400`

    - `RateLimit-Limit` — quota for the **most-restrictive** currently-active
    window

    - `RateLimit-Remaining` — requests left in that window

    - `RateLimit-Reset` — seconds until that window resets (relative; clock-skew
    safe)


    Legacy `X-RateLimit-*` aliases are also emitted for back-compat.
    `X-RateLimit-Reset`

    keeps the absolute Unix-timestamp shape to avoid breaking existing
    consumers.


    When rate-limited, you receive `429 Too Many Requests` with a
    `retry_after_seconds` field

    in the error envelope and a `Retry-After` header.


    ## Pagination


    List endpoints return paginated results in this envelope:


    ```json

    {
      "data": [...],
      "pagination": {
        "page": 1,
        "page_size": 25,
        "total_count": 342,
        "total_pages": 14,
        "has_next": true,
        "has_previous": false
      }
    }

    ```


    Use `?page=2&page_size=50` query parameters. Maximum page size is 100.


    ## Error Responses


    All errors conform to [RFC 9457 Problem
    Details](https://www.rfc-editor.org/rfc/rfc9457)

    with `Content-Type: application/problem+json`:


    ```json

    {
      "type": "https://closient.com/docs/errors/not_found",
      "title": "Not Found",
      "status": 404,
      "detail": "The requested resource was not found.",
      "error_code": "not_found",
      "retryable": false,
      "timestamp": "2026-03-31T12:00:00+00:00"
    }

    ```


    Common error codes: `unauthorized` (401), `forbidden` (403), `not_found`
    (404),

    `validation_error` (422), `rate_limited` (429), `internal_error` (500).
  termsOfService: https://www.closient.com/terms/
servers:
  - url: https://www.closient.com
security: []
tags:
  - name: Scanner Sessions
    description: Create and manage barcode scanning sessions.
  - name: Scanner Captures
    description: Record barcode scan captures within sessions.
  - name: Scanner Enrichment
    description: Enrich scanned items with product data.
  - name: Scanner Photos
    description: Manage photos attached to scan sessions.
  - name: Scanner Upload
    description: Upload scan data in bulk.
  - name: Scanner Resolve
    description: >-
      Dual-scan QR resolve: follow QR redirect chains and save the canonical URL
      as a trade-item redirect (C-503).
  - name: Scanner Freshness
    description: >-
      Resolve color-coded freshness-chip thresholds for a scanned GTIN from the
      GPC-brick category config (C-2987). Anonymous-allowed; consumed by the
      public /scan/ overlay.
externalDocs:
  description: Closient Documentation
  url: https://docs.closient.com
paths:
  /scanner/api/v1/sessions/{session_id}/presigned-upload-url:
    get:
      tags:
        - Scanner Photos
      summary: Get presigned S3 upload URL
      description: Generate a presigned POST URL for direct-to-S3 photo upload.
      operationId: apps_scanner_api_photo_endpoints_get_presigned_upload_url
      parameters:
        - in: path
          name: session_id
          schema:
            description: Unique session short_id identifier.
            title: Session Id
            type: string
          required: true
          description: Unique session short_id identifier.
        - in: query
          name: photo_type
          schema:
            allOf:
              - description: >-
                  Classification label for a product photo.


                  Mirrors :class:`apps.scanner.models.ProductPhoto.PhotoType`.
                  Used by

                  the vision pipeline to route each photo to the right
                  specialist

                  prompt (e.g. ``nutrition`` photos go to the nutrition-facts
                  extractor,

                  ``ingredients`` photos go to the ingredients extractor).
                  ``other`` is

                  the default when the operator does not assign a specific
                  label.
                enum:
                  - front
                  - back
                  - left
                  - right
                  - top
                  - bottom
                  - nutrition
                  - ingredients
                  - barcode
                  - recycling
                  - certification
                  - other
                title: PhotoTypeEnum
                type: string
            default: other
            description: >-
              Photo classification used to namespace the generated S3 key. See
              ``PhotoTypeEnum`` for the full set.
          required: false
          description: >-
            Photo classification used to namespace the generated S3 key. See
            ``PhotoTypeEnum`` for the full set.
        - in: query
          name: original_filename
          schema:
            default: photo.jpg
            description: Original filename for extension detection.
            title: Original Filename
            type: string
          required: false
          description: Original filename for extension detection.
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PresignedUploadResponseSchema'
      security:
        - APIKeyHeaderAuth: []
        - OAuthTokenAuth: []
        - SessionAuth: []
components:
  schemas:
    PresignedUploadResponseSchema:
      description: Presigned S3 upload URL and metadata.
      examples:
        - expires_in: 3600
          s3_key: scanner/photos/2026/04/abc123.jpg
          upload_fields:
            ...: ...
            key: scanner/photos/2026/04/abc123.jpg
          upload_url: https://bucket.s3.us-west-2.amazonaws.com/
      properties:
        upload_url:
          description: S3 POST URL for the upload.
          title: Upload Url
          type: string
        upload_fields:
          additionalProperties: true
          description: Form fields to include in the multipart POST.
          title: Upload Fields
          type: object
        s3_key:
          description: S3 object key where the file will be stored.
          title: S3 Key
          type: string
        expires_in:
          description: Seconds until the presigned URL expires.
          title: Expires In
          type: integer
      required:
        - upload_url
        - upload_fields
        - s3_key
        - expires_in
      title: PresignedUploadResponseSchema
      type: object
  securitySchemes:
    APIKeyHeaderAuth:
      type: apiKey
      in: header
      name: X-API-Key
    OAuthTokenAuth:
      type: http
      scheme: bearer
    SessionAuth:
      type: apiKey
      in: cookie
      name: sessionid

````