Returns a signed URL for uploading a function source code. For more information about the signed URL usage see: https://cloud.google.com/storage/docs/access-control/signed-urls. Once the function source code upload is complete, the used signed URL should be provided in functions.create or functions.patch request as a reference to the function source code.
When uploading source code to the generated signed URL, please follow these restrictions:
Source file type should be a zip file.
No credentials should be attached - the signed URLs provide access to the target bucket using internal service identity; if credentials were attached, the identity from the credentials would be used, but that identity does not have permissions to upload files to the URL.
When making a HTTP PUT request, specify this header:
content-type: application/zip
Do not specify this header:
Authorization: Bearer YOUR_TOKEN
HTTP request
POST https://cloudfunctions.googleapis.com/v2/{parent}/functions:generateUploadUrl
Path parameters
Parameters
parent
string
Required. The project and location in which the Google Cloud Storage signed URL should be generated, specified in the format projects/*/locations/*. It takes the form projects/{project}/locations/{location}.
Authorization requires the following IAM permission on the specified resource parent:
cloudfunctions.functions.sourceCodeSet
Request body
The request body contains data with the following structure:
Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function source code objects in intermediate Cloud Storage buckets. When you generate an upload url and upload your source code, it gets copied to an intermediate Cloud Storage bucket. The source code is then copied to a versioned directory in the sources bucket in the consumer project during the function deployment.
It must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.
The Google Cloud Functions service account (service-{project_number}@gcf-admin-robot.iam.gserviceaccount.com) must be granted the role 'Cloud KMS CryptoKey Encrypter/Decrypter (roles/cloudkms.cryptoKeyEncrypterDecrypter)' on the Key/KeyRing/Project/Organization (least access preferred).
The function environment the generated upload url will be used for. The upload url for 2nd Gen functions can also be used for 1st gen functions, but not vice versa. If not specified, 2nd generation-style upload URLs are generated.
Response body
Response of GenerateSourceUploadUrl method.
If successful, the response body contains data with the following structure:
The generated Google Cloud Storage signed URL that should be used for a function source code upload. The uploaded file should be a zip archive which contains a function.
The location of the source code in the upload bucket.
Once the archive is uploaded using the uploadUrl use this field to set the function.build_config.source.storage_source during functions.create and functions.patch.
Generation defaults to 0, as Cloud Storage provides a new generation only upon uploading a new object or version of an object.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-06-16 UTC."],[[["\u003cp\u003eThis API call returns a signed URL for uploading function source code, which must be a zip file.\u003c/p\u003e\n"],["\u003cp\u003eThe signed URL provides temporary access to a specific Google Cloud Storage bucket without needing credentials, and must be provided to functions.create or functions.patch after the upload.\u003c/p\u003e\n"],["\u003cp\u003eWhen using the signed URL, the request header must specify \u003ccode\u003econtent-type: application/zip\u003c/code\u003e and should not include \u003ccode\u003eAuthorization: Bearer YOUR_TOKEN\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eparent\u003c/code\u003e parameter, formatted as \u003ccode\u003eprojects/*/locations/*\u003c/code\u003e, specifies the project and location, requiring the \u003ccode\u003ecloudfunctions.functions.sourceCodeSet\u003c/code\u003e IAM permission.\u003c/p\u003e\n"],["\u003cp\u003eThe request body can optionally include \u003ccode\u003ekmsKeyName\u003c/code\u003e to encrypt/decrypt function source code in intermediate Cloud Storage buckets, and the \u003ccode\u003eenvironment\u003c/code\u003e to indicate the function environment the signed upload url will be used for.\u003c/p\u003e\n"]]],[],null,["# Method: projects.locations.functions.generateUploadUrl\n\n- [HTTP request](#body.HTTP_TEMPLATE)\n- [Path parameters](#body.PATH_PARAMETERS)\n- [Request body](#body.request_body)\n - [JSON representation](#body.request_body.SCHEMA_REPRESENTATION)\n- [Response body](#body.response_body)\n - [JSON representation](#body.GenerateUploadUrlResponse.SCHEMA_REPRESENTATION)\n- [Authorization scopes](#body.aspect)\n- [Try it!](#try-it)\n\nReturns a signed URL for uploading a function source code. For more information about the signed URL usage see: \u003chttps://cloud.google.com/storage/docs/access-control/signed-urls\u003e. Once the function source code upload is complete, the used signed URL should be provided in functions.create or functions.patch request as a reference to the function source code.\n\nWhen uploading source code to the generated signed URL, please follow these restrictions:\n\n- Source file type should be a zip file.\n- No credentials should be attached - the signed URLs provide access to the target bucket using internal service identity; if credentials were attached, the identity from the credentials would be used, but that identity does not have permissions to upload files to the URL.\n\nWhen making a HTTP PUT request, specify this header:\n\n- `content-type: application/zip`\n\nDo not specify this header:\n\n- `Authorization: Bearer YOUR_TOKEN`\n\n### HTTP request\n\n`POST https://cloudfunctions.googleapis.com/v2/{parent}/functions:generateUploadUrl`\n\n### Path parameters\n\n### Request body\n\nThe request body contains data with the following structure:\n\n### Response body\n\nResponse of `GenerateSourceUploadUrl` method.\n\nIf successful, the response body contains data with the following structure:\n\n### Authorization scopes\n\nRequires the following OAuth scope:\n\n- `https://www.googleapis.com/auth/cloud-platform`\n\nFor more information, see the [Authentication Overview](/docs/authentication#authorization-gcp)."]]