Skip to main content
This endpoint requires authentication. Requests without a valid session return 401 No autorizado para subir archivos.

Endpoint

POST /api/upload

Request

Send a multipart/form-data request. Do not set Content-Type manually — let the HTTP client set the boundary automatically.
file
file
required
The image file to upload. Must be a valid image type (any image/* MIME type). Maximum size is 5 MB.
bucket
string
required
The Supabase Storage bucket to upload into. Use "recetas" for recipe images or "avatars" for user profile pictures.
oldFileName
string
The storage path of a previously uploaded file to delete before uploading the new one. Pass the file name returned by a prior upload. Omit this field (or pass an empty string) if no replacement is needed.

File naming

The server generates the file name automatically using the pattern:
  • receta-<user_id>-<timestamp>.<ext> — for the recetas bucket
  • avatar-<user_id>-<timestamp>.<ext> — for the avatars bucket
You do not need to provide a file name in the request.

Response

url
string
The public URL of the uploaded file in Supabase Storage. Use this URL to reference the image in recipe or profile records.

Error responses

StatusErrorDescription
401No autorizado para subir archivosNo active session or invalid session token.
400Faltan parámetros (archivo o bucket)The file or bucket field is missing from the form data.
400El archivo debe ser una imagen válida.The uploaded file’s MIME type does not start with image/.
400La imagen es demasiado grande. El máximo es 5MB.The file exceeds the 5 MB size limit.
400Supabase error messageA storage upload error occurred.
500Error interno del servidorAn unexpected server error occurred.
If oldFileName is provided and the deletion of the old file fails, the error is logged server-side but does not block the upload. The new file is still uploaded and its URL is returned.

Example requests

Upload a recipe image
curl --request POST \
  --url https://your-app.vercel.app/api/upload \
  --header 'Cookie: sb-access-token=<your-session-token>' \
  --form 'file=@/path/to/photo.jpg' \
  --form 'bucket=recetas'
Replace an existing avatar
curl --request POST \
  --url https://your-app.vercel.app/api/upload \
  --header 'Cookie: sb-access-token=<your-session-token>' \
  --form 'file=@/path/to/new-avatar.png' \
  --form 'bucket=avatars' \
  --form 'oldFileName=avatar-f0e9d8c7-b6a5-4321-fedc-ba9876543210-1700000000000.png'

Example responses

200 OK
{
  "url": "https://your-project.supabase.co/storage/v1/object/public/recetas/receta-f0e9d8c7-b6a5-4321-fedc-ba9876543210-1700000000000.jpg"
}
401 Unauthorized
{
  "error": "No autorizado para subir archivos"
}
400 File too large
{
  "error": "La imagen es demasiado grande. El máximo es 5MB."
}
400 Invalid file type
{
  "error": "El archivo debe ser una imagen válida."
}

Build docs developers (and LLMs) love

Get started for freeTalk to us