HomeGuidesAPI Reference
Guides

Secure S3 Document Upload

Let Payitoff handle your consumers' income certification document uploads!

Suggest Edits

Payitoff supports securely uploading income certification documents for Income Driven Repayment Plan Enrollments using a pre-signed URL to a secure AWS S3 bucket.

Overview

When you're ready for a consumer to upload their File, request a pre-signed URL from Payitoff's secure upload endpoint. Once you have that pre-signed URL, do a PUT request with your File to the URL. At this point, you're all set! All that remains is to POST your consumer's Enrollment.

Pre-Signed URLs

Our pre-signed URLs are configured to expire 5 minutes after creation. The URLs are one-time use, as the S3 bucket receiving the files is configured to write once only. The expiration timestamp is included in the response body.

For more information about pre-signed URLs, see the S3 documentation.

Spouse Uploads

If the consumer providing income certification has a marital status of MARRIED_FILING_JOINTLY and their spouse's agi is not zero, the response from the endpoint will also contain a spouse_url. If the consumer themselves has an agi that is $0, there will be no consumer_url because it is not necessary to prove zero income. In other words, URLs will be provided for whichever of the consumer and spouse who need to upload documents.

Further Uploads

You may request as many pre-signed URLs for secure upload as necessary. If multiple files are uploaded (using separate pre-signed URLs) for the consumer or spouse prior to creating the Enrollment, the most recent one for each will be used.

File Types

Supported file types for income certification documents are: jpg, jpeg, pdf, png, and tiff.

Example

// POST /api/v3.0.0/consumers/777fc1f7-fe1a-44dc-b45a-9b53f973a04f/secure_upload
{
  "data": {
    "consumer": {
      "url": "https://pio-localhost-private.s3.us-east-2.amazonaws.com/secure_uploads/payitoff/777fc1f7-fe1a-44dc-b45a-9b53f973a04f/2fbf674f-972b-449d-84f3-aab1bb741a93?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAWLQ7YPCNNG5E4TBM%2F20240611%2Fus-east-2%2Fs3%2Faws4_request&X-Amz-Date=20240611T223328Z&X-Amz-Expires=300&X-Amz-SignedHeaders=host&X-Amz-Signature=c9f7999c9d16b849410f6dd203aff619c7c6ee613e10c65003c104c97545103b",
      "expires_at": "2024-06-11T22:33:28.660538Z"
    },
    "spouse": {
      "url": null,
      "expires_at": null
    }
  }
}

Updated 5 months ago

What’s Next