Mint a character upload URL

​

When to use

• You already have ref images on disk or in your own storage and want to attach them to a new character without round-tripping bytes through your API.
• You want to capture pose metadata before committing the character (use upload-classify).

​

Lifecycle

1. POST /v1/characters/uploads/init → { upload_id, upload_url, expires_at }.
2. PUT <upload_url> with the image bytes (any well-formed PUT, no extra headers required).
3. Optional: POST /v1/characters/uploads/classify with the same upload_id to detect the pose.
4. POST /v1/characters with { upload_ids: [upl_..., ...] } to consume the uploads and create the character.

​

Example

# 1. Mint the URL
curl -X POST https://api.aurous-labs.com/v1/characters/uploads/init \
  -H "X-Api-Key: $AUROUS_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "filename": "front-portrait.jpg",
    "extension": "jpg",
    "content_type": "image/jpeg"
  }'

# Response: {
#   "upload_id":      "upl_01H...",
#   "upload_url":     "https://...",
#   "upload_headers": { "Content-Type": "image/jpeg" },
#   "expires_at":     "..."
# }

# 2. Upload the bytes (set every header from `upload_headers` on the PUT)
curl -X PUT "$UPLOAD_URL" \
  -H "Content-Type: image/jpeg" \
  --data-binary @ref-portrait.jpg

​

Limits

• Rate limit: bucket characters_post — 30 requests/min sustained, 60 burst per team.
• Upload URL TTL: 15 minutes. Mint a fresh URL if the PUT lands later.
• Upload ticket TTL: 24 hours. After that the bytes are evicted and upload_id is no longer accepted on POST /v1/characters.

​

Common pitfalls

• The upload_url is not authenticated — the signature is in the query string. Do not add X-Api-Key to the PUT.
• One ticket = one image. Mint multiple tickets in parallel for multi-ref characters.
• Browsers may need a CORS-aware proxy in front of the PUT — the V1 surface targets server-side integrators and does not advertise CORS headers on the upload host.

{ "Content-Type": "image/jpeg" }