Google Cloud Storage

Upload files and images directly into your own GCS buckets.

When collecting binary data from your flows, such as images or documents from file, image upload, or signature questions, we upload them directly into your infrastructure from the responder's browser.

The answer associated with the question will contain the Object URL of the uploaded asset, such as{{YOUR_BUCKET_NAME}}/{{FILENAME}}/

This way, you retain control over your responder's data: the GCS bucket can only provide write access to Formsort, so the data uploaded can be secure.

Other answers, such as emails or selected choices, will not be sent to the Google Cloud Storage (GCS) integration -- only binary uploads are placed there.

A common pattern is to use Google Cloud Storage as a staging ground for binary files:

  1. A file is uploaded by Formsort into a bucket.

  2. The file is copied / processed / served elsewhere in your infrastructure.

Setting up your Google Cloud Storage bucket

If you don't have an GCS bucket already, or wish to create a new one, set one up in the Google Cloud Console, taking note of the bucket name of the bucket.

Within your bucket, click Permissions and then Grant access and provide the Storage Object Creator role to the user. This will allow us to upload, but not read data into this bucket.

Because Formsort will be uploading content directly from the browser and not via Formsort servers, you need to allow Cross Origin Resource Sharing (CORS) for this bucket. Please follow the instructions below

  • First, install the Google Cloud SDK CLI:

  • Login with 'gcloud init' command

  • Create cors.json file with the following example config. You can be more strict about the domain if you want, for example restricting it to * or the custom domain you have configured for use with Formsort.

    "origin": ["*"],
    "responseHeader": ["*"],
    "method": ["PUT"],
    "maxAgeSeconds": 3600
  • Upload the CORS configuration with gsutil cors set cors.json gs://{ YOUR_BUCKET_NAME }

  • You can confirm your CORS settings with gsutil cors get gs://{ YOUR_BUCKET_NAME }

Connecting Formsort to your bucket

Back in Formsort, in the integrations editor, under Google Cloud Storage, click Add new credential...

Provide your bucket name, and a description of the bucket and click Save bucket info.

At this point, you can return back to the flow you are working on, and add file, image upload, and signature questions, and the files will be placed within your bucket directly from your responders' browsers.

How Object URLs are generated

At the level of the flow's integration, a base path can be specified. This adds an additional prefix that is used to create Object URLs for all uploaded assets. One helpful trick is to create a base path like /prod for the production environment, to distinguish from assets uploaded to other environments.

At the level of a particular question, additional filename patterns can be specified:

Take care that every URL has some uniqueness to it, whether it be the responder UUID, a timestamp, or random UUID, so that uploads from different responders do not overwrite one another.

In the above configuration, uploaded assets would be located at URLs such as, and is what would be provided in the answers stored in the flow itself.

Accessing uploaded files

If your bucket is publicly available, then the URL that is in the answers can be used by anyone to access the uploaded file.

If your bucket or the containing folder are not publicly available, but you wish to give web users access to the file, you will need to create a signed url. Formsort cannot create the signed URL, since it is only given the Storage Object Creator role, and doesn't have the ability to read files.

Generally, the process for generating signed URLs looks like:

  1. Create a service account with the Storage Object Viewer role

  2. Download a keyfile for that service account

  3. Use the Cloud Storage libraries to generate a signed URL for the URL

For testing locally, you can use the gsutil command. The following generates a URL that's usable for one day after it's created.

gsutil signurl \
  -d 1d \
  /path/to/your/keyfile.json \

Ensure that you are URL decoding the URL when creating the key for use with gsutil or the client libraries.

For example, a file with a URL like would have the URL decoded address of gs://fils-test-bucket/aa78341a-9310-442b-9c65-3adbc3507c88_2022-10-21T21:58:46.461Z.jpg

Last updated