Returns a signed URL for uploading a function source code. For more information about the signed URL usage see: https://cloud.google.com/storage/docs/access-control/signed-urls. Once the function source code upload is complete, the used signed URL should be provided in functions.create or functions.patch request as a reference to the function source code.
When uploading source code to the generated signed URL, please follow these restrictions:
Source file type should be a zip file.
Source file size should not exceed 100MB limit.
No credentials should be attached - the signed URLs provide access to the target bucket using internal service identity; if credentials were attached, the identity from the credentials would be used, but that identity does not have permissions to upload files to the URL.
When making a HTTP PUT request, these two headers need to be specified:
content-type: application/zip
x-goog-content-length-range: 0,104857600
And this header SHOULD NOT be specified:
Authorization: Bearer YOUR_TOKEN
HTTP request
POST https://cloudfunctions.googleapis.com/v1/{parent}/functions:generateUploadUrl
Path parameters
Parameters
parent
string
The project and location in which the Google Cloud Storage signed URL should be generated, specified in the format projects/*/locations/*. It takes the form projects/{project}/locations/{location}.
Authorization requires the following IAM permission on the specified resource parent:
cloudfunctions.functions.sourceCodeSet
Request body
The request body contains data with the following structure:
JSON representation
{"kmsKeyName": string}
Fields
kmsKeyName
string
Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function source code objects in intermediate Cloud Storage buckets. When you generate an upload url and upload your source code, it gets copied to an intermediate Cloud Storage bucket. The source code is then copied to a versioned directory in the sources bucket in the consumer project during the function deployment.
It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.
The Google Cloud Functions service account (service-{project_number}@gcf-admin-robot.iam.gserviceaccount.com) must be granted the role 'Cloud KMS CryptoKey Encrypter/Decrypter (roles/cloudkms.cryptoKeyEncrypterDecrypter)' on the Key/KeyRing/Project/Organization (least access preferred). GCF will delegate access to the Google Storage service account in the internal project.
Response body
Response of GenerateSourceUploadUrl method.
If successful, the response body contains data with the following structure:
JSON representation
{"uploadUrl": string}
Fields
uploadUrl
string
The generated Google Cloud Storage signed URL that should be used for a function source code upload. The uploaded file should be a zip archive which contains a function.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-06-16 UTC."],[[["\u003cp\u003eThis endpoint generates a signed URL for uploading function source code, which must be a zip file not exceeding 100MB.\u003c/p\u003e\n"],["\u003cp\u003eWhen uploading via the signed URL, the HTTP PUT request must specify \u003ccode\u003econtent-type: application/zip\u003c/code\u003e and \u003ccode\u003ex-goog-content-length-range: 0,104857600\u003c/code\u003e headers, while the \u003ccode\u003eAuthorization\u003c/code\u003e header should not be included.\u003c/p\u003e\n"],["\u003cp\u003eThe request is made via a \u003ccode\u003ePOST\u003c/code\u003e request to \u003ccode\u003ehttps://cloudfunctions.googleapis.com/v1/{parent}/functions:generateUploadUrl\u003c/code\u003e, with the \u003ccode\u003eparent\u003c/code\u003e path parameter specifying the project and location.\u003c/p\u003e\n"],["\u003cp\u003eThe request body can include a \u003ccode\u003ekmsKeyName\u003c/code\u003e string to encrypt/decrypt function source code objects, which requires granting the Google Cloud Functions service account specific permissions.\u003c/p\u003e\n"],["\u003cp\u003eUpon success, the response body contains an \u003ccode\u003euploadUrl\u003c/code\u003e, a signed URL to which the zip file containing the function source code can be uploaded.\u003c/p\u003e\n"]]],[],null,["# Method: projects.locations.functions.generateUploadUrl\n\n- [HTTP request](#body.HTTP_TEMPLATE)\n- [Path parameters](#body.PATH_PARAMETERS)\n- [Request body](#body.request_body)\n - [JSON representation](#body.request_body.SCHEMA_REPRESENTATION)\n- [Response body](#body.response_body)\n - [JSON representation](#body.GenerateUploadUrlResponse.SCHEMA_REPRESENTATION)\n- [Authorization scopes](#body.aspect)\n- [Try it!](#try-it)\n\nReturns a signed URL for uploading a function source code. For more information about the signed URL usage see: \u003chttps://cloud.google.com/storage/docs/access-control/signed-urls\u003e. Once the function source code upload is complete, the used signed URL should be provided in functions.create or functions.patch request as a reference to the function source code.\n\nWhen uploading source code to the generated signed URL, please follow these restrictions:\n\n- Source file type should be a zip file.\n- Source file size should not exceed 100MB limit.\n- No credentials should be attached - the signed URLs provide access to the target bucket using internal service identity; if credentials were attached, the identity from the credentials would be used, but that identity does not have permissions to upload files to the URL.\n\nWhen making a HTTP PUT request, these two headers need to be specified:\n\n- `content-type: application/zip`\n- `x-goog-content-length-range: 0,104857600`\n\nAnd this header SHOULD NOT be specified:\n\n- `Authorization: Bearer YOUR_TOKEN`\n\n### HTTP request\n\n`POST https://cloudfunctions.googleapis.com/v1/{parent}/functions:generateUploadUrl`\n\n### Path parameters\n\n### Request body\n\nThe request body contains data with the following structure:\n\n### Response body\n\nResponse of `GenerateSourceUploadUrl` method.\n\nIf successful, the response body contains data with the following structure:\n\n### Authorization scopes\n\nRequires the following OAuth scope:\n\n- `https://www.googleapis.com/auth/cloud-platform`\n\nFor more information, see the [Authentication Overview](/docs/authentication#authorization-gcp)."]]
