// Package Store

Negotiate a direct upload

Request a pre-authorized direct-to-storage upload URL for a package.

POST/api/packagestore/package/negotiate

Description

Starts a direct upload: for a workspace whose package store is in a region, the server returns a short-lived, write-only URL that points straight at that region's blob storage, so your CI uploads the bytes without routing them through the Jaws web app. For every other workspace the server returns mode legacy, and you fall back to the classic multipart upload.

A direct upload is three plain HTTPS calls, no SDK required:

  1. POST /api/packagestore/package/negotiate (this endpoint) with the workspace and file name. If the response mode is direct, take the returned uploadUrl.
  2. PUT the raw file bytes to that uploadUrl, adding the header x-ms-blob-type: BlockBlob (the one Azure-ism). The blob lands in a private pending/quarantine path and is not part of the feed yet.
  3. POST /api/packagestore/package/confirm to validate and promote it - see Confirm a direct upload.

The upload URL is scoped to a single blob, is write-only, and expires after 4 hours. It is never logged or stored. Nothing is downloadable until you call confirm.

Parameters

NameInTypeRequiredDescription
WorkspaceId body string yes ID of the destination workspace.
FileName body string yes Package file name including ID, version and extension, e.g. Acme.Web.2.5.3.zip.

Errors

StatusMeaning
400 Invalid WorkspaceId, or a FileName that doesn't match the <PackageId>.<Version>.<ext> pattern.
401 Missing or invalid Basic auth credentials, or the service account lacks permission to push packages to this workspace.