From 46f7c42bb9d38496cc0caac00f65f7310e7ab11d Mon Sep 17 00:00:00 2001
From: "claude[bot]" <41898282+claude[bot]@users.noreply.github.com>
Date: Fri, 17 Apr 2026 12:12:24 +0000
Subject: [PATCH] [Docs self-healing] Document signed URL behavior for S3
 private buckets

Adds documentation for signed URL behavior in the REST API upload endpoints when using AWS S3 with private ACL, addressing strapi/strapi#26034.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
---
 docusaurus/docs/cms/api/rest/upload.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/docusaurus/docs/cms/api/rest/upload.md b/docusaurus/docs/cms/api/rest/upload.md
index 7e8c7c2a2e..4a7a4e05c2 100644
--- a/docusaurus/docs/cms/api/rest/upload.md
+++ b/docusaurus/docs/cms/api/rest/upload.md
@@ -32,6 +32,10 @@ Upload one or more files to your application.
 
 `files` is the only accepted parameter, and describes the file(s) to upload. The value(s) can be a Buffer or Stream.
 
+:::info Signed URLs with private S3 buckets
+When using AWS S3 with the `ACL` parameter set to `"private"`, file URLs returned by the upload endpoints are automatically signed. Signed URLs include `X-Amz-Signature` query parameters and an `isUrlSigned: true` flag in the response, making them accessible despite the private bucket ACL. Signed URLs expire based on your `signedUrlExpires` configuration (default: 15 minutes).
+:::
+
 :::tip
 When uploading an image, include a `fileInfo` object to set the file name, alt text, and caption.
 :::