Assets in Que

URL Inputs

Overview

In addition to direct uploads, Que can process assets that are already available on the web. You can provide a direct, publicly accessible HTTP or HTTPS URL as an Asset Reference. Que will then stream the file from that URL for signing or verification.

This method is best suited for server-to-server workflows where you are processing content that is already hosted, such as images from a CMS or files from a public archive.

Security Warning: Use with Caution

This feature allows Que's servers to access external URLs. For security, this capability may be disabled by default in your environment.

  • Server-Side Request Forgery (SSRF) Risk: If user-provided URLs are not validated, an attacker could attempt to make Que's servers access internal or malicious resources.
  • HTTPS Recommended: Always use HTTPS URLs to ensure the integrity and confidentiality of the asset during transit.

Usage Example

To use a URL input, create an Asset Reference object that contains a url field instead of a bucket and key.

import { Que } from "que-sdk";

const que = new Que({
  apiKeyAuth: process.env["QUE_API_KEY_AUTH"] ?? "",
});

const asset = {
  url: 'https://example.com/assets/photo-to-verify.jpg',
};

async function verifyUrlAsset() {
  try {
    const result = await que.verifyAsset({
      asset,
      includeCertificates: true,
    });
    console.log('Verification successful:', JSON.parse(result.report));
  } catch (error) {
    console.error('Verification failed:', error);
  }
}

verifyUrlAsset();
import os
from que_media import Que

with Que(
    api_key_auth=os.getenv("QUE_API_KEY_AUTH", ""),
) as que:

    try:
        result = que.verify_asset(asset={
            "url": "https://example.com/assets/photo-to-verify.jpg"
        }, mode="summary", include_certificates=True)

        import json
        report = json.loads(result.report)
        print("Verification successful")
    except Exception as e:
        print(f"Verification failed: {e}")
package main

import (
	"context"
	"fmt"
	"os"

	"github.comcom/que-platform/que-sdk-go"
)

func main() {
	client := quesdk.NewClient(os.Getenv("QUE_API_KEY"))

	asset := quesdk.AssetReference{
		URL: "https://example.com/assets/photo-to-verify.jpg",
	}

	_, err := client.Verify(context.Background(), &quesdk.VerifyRequest{
		Asset: asset,
	})
	if err != nil {
		fmt.Printf("Verification failed: %v\n", err)
		return
	}

	fmt.Println("Verification successful")
}
// The Que SDK for Rust is not yet available.
// The following is a conceptual example.
use que_sdk::{QueClient, types::{AssetReference, VerifyRequest}};

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let client = QueClient::new(std::env::var("QUE_API_KEY")?);

    let asset = AssetReference::Url {
        url: "https://example.com/assets/photo-to-verify.jpg".to_string(),
    };

    let request = VerifyRequest { asset, ..Default::default() };
    client.verify(request).await?;

    println!("Verification successful");
    Ok(())
}
package hello.world;

import java.lang.Exception;
import org.openapis.openapi.Que;
import org.openapis.openapi.models.components.*;
import org.openapis.openapi.models.errors.ProblemResponseException;
import org.openapis.openapi.models.operations.VerifyAssetResponse;

public class UrlInputExample {

    public static void main(String[] args) throws ProblemResponseException, ProblemResponseException, ProblemResponseException, Exception {

        Que sdk = Que.builder()
                .apiKeyAuth(System.getenv().getOrDefault("API_KEY_AUTH", ""))
            .build();

        VerifyRequest req = VerifyRequest.builder()
                .asset(AssetRefDto.of(PresignedUrl.builder()
                    .url("https://example.com/assets/photo-to-verify.jpg")
                    .build()))
                .includeCertificates(true)
                .build();

        VerifyAssetResponse res = sdk.verifyAsset()
                .request(req)
                .call();

        if (res.verifyResponse().isPresent()) {
            System.out.println("Verification successful.");
        }
    }
}
<?php
declare(strict_types=1);

require 'vendor/autoload.php';

use Que;
use Que\Models\Components;

$sdk = Que\Que::builder()
    ->setSecurity(getenv('QUE_API_KEY_AUTH') ?: '')
    ->build();

$verifyRequest = new Components\VerifyRequest(
    asset: new Components\PresignedUrl(
        url: 'https://example.com/assets/photo-to-verify.jpg'
    ),
    mode: Components\VerifyRequestMode::Detailed
);

try {
    $response = $sdk->verifyAsset(
        request: $verifyRequest
    );

    if ($response->verifyResponse !== null) {
        echo "Verification successful.\n";
    }
} catch (Exception $e) {
    echo 'Verification failed: ' . $e->getMessage();
}

Best Practices

  • Validate URLs: Before passing a URL to Que, especially if it originates from a user, validate it on your backend to ensure it points to a legitimate, expected domain and resource.
  • Use HTTPS: To protect against man-in-the-middle attacks, only use https:// URLs.
  • Check for Errors: Be prepared to handle errors related to network failures, timeouts, or invalid URLs (e.g., 404 Not Found, 503 Service Unavailable). For a full list, see Errors and Troubleshooting.
  • Prefer Presigned Uploads for Client-Side Workflows: For security and performance reasons, do not use URL inputs for files originating from a user's device. Always use the Presigned Uploads workflow for that scenario.

Presigned Uploads

Use presigned URLs for a secure and efficient way to upload assets directly from your application to Que for processing.

Introduction

Understand the core concept of Que Manifests for digital asset provenance.

On this page

OverviewUsage ExampleBest Practices