How to create secure file upload links for Backblaze B2 using Couchdrop

Backblaze B2 Cloud Storage provides reliable, cost-effective object storage for businesses, but it doesn't include built-in web portals or secure upload links for external file collection. When you need to receive files from clients, vendors, or partners who upload directly to your B2 storage—without giving them B2 account access or exposing your storage infrastructure—Couchdrop Upload Links provide the solution.

In this tutorial, you will configure Couchdrop to create secure, branded upload portals that save files directly to your Backblaze B2 bucket. You will connect your B2 storage to Couchdrop, create an upload link with security options, and verify that files arrive in your B2 bucket. When finished, external parties can upload files to your storage through a simple web interface without needing B2 credentials or access to your backend systems.

Prerequisites

To complete this tutorial, you will need:

• A Backblaze B2 Cloud Storage account with an existing bucket. If you need to create one, follow the Backblaze guide on Creating and Managing Buckets.
• A Backblaze B2 application key with read and write permissions. Learn how to create application keys in Backblaze's Application Keys documentation.
• A Couchdrop account with permissions to create storage connections and upload links. You can start a free trial at couchdrop.io/register.

Step 1 — Connecting Backblaze B2 to Couchdrop

Before creating an upload link, you need to connect your Backblaze B2 bucket to Couchdrop as a storage destination. This connection allows Couchdrop to route uploaded files directly into your B2 storage.

Log in to your Couchdrop account at my.couchdrop.io. Click + Create in the top navigation and select Connect to Storage from the dropdown menu.

In the storage connection list, locate Backblaze B2 and click Continue. Couchdrop displays the configuration form for Backblaze B2.

Enter a name for this connection in the Name for this integration field. This name appears in the Couchdrop admin interface for managing connections. For example, you might name it Backblaze B2 or B2 File Storage.

In the Name for new Couchdrop folder field, enter how this storage connection will appear in Couchdrop's virtual file system. For example, /B2Storage or /uploads. This is the folder name you'll reference when creating upload links.

Configure the B2 credentials by entering:

• Backblaze Key ID: Enter your Application Key ID from Backblaze. This is the public identifier for your B2 application key.
• Backblaze Master Key: Enter the Application Key itself (the long alphanumeric string shown only once when created in B2). This authenticates Couchdrop's access to your B2 bucket.
• Your Bucket ID: Enter the unique identifier for your B2 bucket, found in the Backblaze console under Buckets.

Click Save and Test to verify that Couchdrop can successfully authenticate with your B2 bucket. Couchdrop attempts to list the bucket contents. If the test succeeds, you'll see a Connection Online confirmation message.

In the Choose a folder section, you can optionally specify a subfolder within your B2 bucket as the root directory. For example, if you want upload link files saved in a specific path like /client-uploads/, select or create that folder here. If you leave this blank or select Select Root Directory, files are saved to your bucket root.

Click Add Integration to save the connection.

You can now create upload links that route files to this B2 bucket.

Step 2 — Creating a Secure Upload Link

With your Backblaze B2 storage connected to Couchdrop, you can now create an upload link that allows external users to securely upload files directly to your B2 bucket. Couchdrop's Upload Links provide a web-based portal where users can drag and drop files without needing technical knowledge, B2 credentials, or access to your storage infrastructure.

From the Couchdrop dashboard, navigate to Send and Receive in the left sidebar and click Request Files. This opens the File Requests & Upload Portals page where you manage all your upload links.

Click + Create in the top right corner, then select Create File Request or Upload Link. A sidebar will appear presenting different upload link types. Each type serves different security and use case requirements:

• Upload Portal: A permanent upload destination where anyone can send files. Best for ongoing file collection needs.
• Temporary Upload Link: An upload link that automatically expires after a set time. Ideal for one-time file requests or time-sensitive submissions.
• Password-Protected Upload Link: Requires users to enter a password before accessing the upload portal. Adds an extra security layer for sensitive file collection.
• File Request via Email: Users must verify their identity via email authentication before uploading. Provides accountability for file submissions.
• Custom Upload: Offers advanced configuration options for specialized requirements.

For this tutorial, select Upload Portal to create a straightforward, permanent upload destination. Click Continue.

On the Location step, specify where uploaded files will be saved in your Backblaze B2 storage. Click Select a location... to open the folder selection dialog.

The dialog displays all available storage locations in your Couchdrop account. You should see your Backblaze B2 connection listed, identified by the alias name you provided when creating the connection.

Select your Backblaze B2 connection. This will default to the root of your Backblaze connection. Choose "Select [alias]" to connect to the root, or navigate into the folder structure to select a specific subfolder. For example, if you configured your B2 connection to point to /client-uploads/ and you select a subfolder called /onboarding/, files will be saved to /client-uploads/onboarding/ in your B2 bucket.

Click Continue to proceed to the configuration step.

On the Configure step, provide information about your upload link:

• Name (not externally visible): Enter an internal reference name for this upload link. This name helps you identify the link in your Couchdrop dashboard but is not visible to users who access the upload portal. For example, you might use "Client Document Collection - February 2026" to indicate its purpose and timeframe.
• Message/Description (optional): Enter instructions that will be displayed to users when they access the upload portal. This message provides context about what files to upload and any specific requirements. For example: "Please upload your project files here. Accepted formats: PDF, DOCX, XLSX. Maximum file size: 50MB."

Click Continue to finalize the link creation.

Couchdrop displays the Finalize step, confirming your upload link was created successfully. The page shows the generated upload link URL, which you can share with anyone who needs to upload files.

The upload link is now active and ready to use. Users who access this URL will see a branded upload portal where they can drag and drop files, which will be saved directly to your specified Backblaze B2 location.

You can take several actions from here: 

• Click Copy to copy the upload link URL to your clipboard for easy sharing.
• Click Share via email to send the link directly to specific recipients through Couchdrop's email interface.
• Click Configure to access advanced settings for security, alerting, and form customization. (Detailed in next step)
• Click Close to return to your upload links list.

In the next step, you will configure additional security options to control who can access the link and how long it remains active.

Step 3 — Configuring Security Options

While your upload link is now functional, adding security controls ensures that only intended recipients can access it and limits the timeframe during which uploads are accepted. Couchdrop provides multiple security layers that you can combine to match your requirements.

From the File Requests & Upload Portals page, locate your newly created upload link in the list. Click the three-dot menu on the right side of the link row and select Edit (if you are still on the Finalize screen from the previous step, click Configure). 

There are four tabs from this screen with different options. 

General 

Manage general link settings here. Under General Options, you can rename the Upload Link or where files that are uploaded are saved. You can also delete the Upload Link with the Delete upload link button in red. This will give you a warning and make you confirm before permanently deleting the link. 

Allowed Senders is where you can configure emails that are allowed to send files using the link. This is a whitelisting option, meaning, that only emails added here will be able to access and use the link. You can also set a password for the link here. 

This field accepts wildcards. For example:

• To allow only specific individuals: alex@clientcompany.com, jordan@clientcompany.com
• To allow anyone from a specific domain: *@clientcompany.com
• To allow multiple domains: *@clientcompany.com, *@partnercompany.com

When this setting is active, once a user accesses the upload link, they will be prompted to enter their email address. Couchdrop sends a verification code to that email address, and the user must enter the code to prove they control the email account. Only users whose email addresses match your allowed list can proceed to upload files.

Form Builder

This section allows you to create and adjust details to the optional form that can accompany the file upload. The Form description is a custom message that users view when they arrive at the portal. For example, this message could be used to guide users to use the form correctly. 

In the Configure files and input fields section, you can customize what you would like users to upload and capture metadata in easy to configure input fields. Check the Upload input fields as .csv field if you want Couchdrop to automatically upload a .csv of the entered fields by the user alongside the file upload. 

Clicking the Add field link will open a sidebar with field options: 

• Field type: The type of field. Supports Checkbox, Description, Email, File, Number, and Text. 

• Internal field identifier: An internal name to identify the field. This is not shown to users. 
• Field name/description: Text entered here will accompany the field. You can use it to explain to users how to use the field, such as what types of files are accepted. 

Click Add New Field to add the field to the form. The field will be added in the box on the main configuration window and can be deleted by clicking the trash can. 

Security and Alerting

Click the Security and Alerting tab to access security options.

Click the Expiry dropdown to see available options. By default, upload links are set to Never Expire, meaning they remain active indefinitely. For time-sensitive file collection, you can set an expiration time. You can choose from preset durations that range from 2 hours to 1 year.

For example, if you need to collect project submissions for a client proposal due next week, you might set the expiry for 1 week. After the specified time, the upload link will no longer accept files, and users who access the URL will see a message indicating the link has expired.

Actions

Here you can build action workflows around this Upload Link. This opens the automation builder where you can configure file processing actions. The trigger will be pre-populated using a successful file upload using the Upload Link. 

Combining security options

You can combine these security options to create the appropriate level of protection for your use case:

• Password only: Quick security without requiring email verification. Suitable when you trust the recipients but want basic access control.
• Email verification only: Ensures accountability by requiring users to prove their identity. Suitable when you need to track who uploaded which files.
• Password and email verification: Maximum security for sensitive file collection. Users must know the password and verify their email address.
• Expiry with other options: Time-limited access prevents files from being uploaded after a deadline. Combine with password or email verification for additional security.

After configuring your desired security options, click Save updates to apply the changes. 

You have now secured your upload link with appropriate access controls. In the next step, you will test the upload process to verify that files successfully arrive in your Backblaze B2 storage.

Step 4 — Testing the Upload Link

Testing the upload link before sharing it with external users ensures that the configuration works correctly and files are saved to the intended location in your Backblaze B2 bucket. This verification step prevents issues when real users attempt to upload important files.

Open a new browser tab or window (you can also use an incognito/private browsing window to simulate the user experience without your Couchdrop login session). Navigate to the upload link URL that was displayed when you created the link. You can find this URL in your Couchdrop dashboard by going to Send and Receive > Request Files and clicking on your upload link.

If you configured password protection in the previous step, you will see a password entry screen. Enter the password you specified and click Submit or press ENTER.

If you configured email verification, you will be prompted to enter your email address. After entering an email that matches your allowed list, Couchdrop sends a verification code to that address. Check your email inbox (and spam folder if the message does not arrive within a few minutes), copy the verification code, and enter it in the upload portal.

After passing any configured security checks, you will see the upload portal interface. The portal displays:

• The image uploaded in the Branding settings. This can be updated in the Admin console under Security & Organization > Branding > Inbox Branding. 
• The custom message/description you provided during configuration (if you added one)
• An Attach files box. This box accepts files via drag and drop or users can click this box to open a file browser 
• Any custom form fields you configured (if applicable)
• A Clear form button to completely remove inputted form values

Click into the Attach files box or drag and drop to test the portal. After selecting the file, the upload portal shows a progress indicator as the file transfers to Couchdrop. When the upload completes, you will see a success message confirming the file was received.

Now verify that the file arrived in your Backblaze B2 storage. You have two ways to confirm this:

Option 1: Check via Backblaze Console

Log in to your Backblaze account and navigate to Buckets. Click on the bucket you connected to Couchdrop. Browse to the folder path you specified when creating the upload link. You should see your test file listed with a recent upload timestamp.

Option 2: Check via Couchdrop

From your Couchdrop dashboard, navigate to Storage and select your Backblaze B2 connection. Browse to the destination folder you configured for the upload link. The test file should appear in the file list, confirming it was successfully saved to B2.

If you enabled email notifications in the configuration (covered in advanced options), check the recipient email address for a notification message confirming the file upload.

If the test file does not appear in your B2 bucket, verify the following:

• Storage connection: Confirm your Backblaze B2 connection is still active by navigating to Settings > Storage in Couchdrop and clicking Test Connection on your B2 integration.
• Destination path: Ensure you are looking in the correct folder path in B2. The path combines the folder you specified when connecting B2 to Couchdrop with the subfolder you selected when creating the upload link.
• Application key permissions: Verify that your Backblaze B2 application key has write permissions for the bucket. You can check this in your Backblaze account under App Keys.

Once you confirm the test file arrived successfully, delete it from your B2 storage to clean up the test data. You can do this either through the Backblaze console or through Couchdrop's file browser.

Next Steps

In this tutorial, you configured Couchdrop to create a secure upload portal that saves files directly to Backblaze B2 Cloud Storage. You connected your B2 bucket to Couchdrop as a storage destination, created an upload link with security controls, and verified that files successfully arrive in your B2 storage.

You can now collect files from clients, vendors, and partners without giving them direct access to your Backblaze B2 account or requiring them to understand technical protocols. External users access a simple web interface to upload files, while you maintain complete control over where files are stored and who can access the upload portal.

To expand this workflow, you might want to:

• Configure custom form fields to collect metadata from uploaders (such as project names, contact information, or file descriptions). Learn more in our Upload Links documentation.
• Set up File Actions to automatically process uploaded files (such as moving them to different folders, sending notifications, or triggering downstream workflows). Check out our tutorial on How to automate file transfers between Backblaze and SFTP for an example. 
• Create multiple upload links for different purposes, each saving to different B2 folders for organized file collection. 
• Configure custom branding to display your company logo and colors on the upload portal. Learn more in our guide on Custom Branding and White Label Domains.

For more information on Backblaze B2 integration capabilities and advanced Couchdrop features, visit the Couchdrop connector for Backblaze B2.