Home

XEP0363

XEP-0363, titled HTTP File Upload, is an XMPP Extension Protocol that standardizes a method for transferring files by uploading them to an HTTP server and sharing a reference to the file within XMPP. It provides a server-mediated approach that avoids direct peer-to-peer file transfers while leveraging common web infrastructure.

The protocol operates through an upload slot workflow. A sender requests an upload slot from a dedicated

After the uploader completes the HTTP PUT, the file resides on the server and can be retrieved

Security and interoperability considerations include the use of HTTPS to protect data in transit, time-limited or

HTTP
File
Upload
service
by
sending
an
XMPP
IQ
that
includes
the
file’s
metadata,
such
as
size,
content
type,
and
name.
The
service
replies
with
a
slot
containing
a
URL
for
an
HTTP
PUT
to
upload
the
file
and
a
corresponding
URL
for
HTTP
GET
to
download
it,
along
with
constraints
like
maximum
file
size
and
permitted
content
types.
An
access
token
or
other
authentication
mechanism
may
be
provided
to
authorize
the
upload.
via
the
GET
URL.
The
sender
then
communicates
to
the
recipient(s)
the
download
URL
(often
within
an
XMPP
message
or
as
part
of
the
same
exchange),
enabling
the
recipient
to
fetch
the
file
using
standard
HTTP/HTTPS.
The
actual
transfer
occurs
over
HTTP,
while
the
signaling
and
coordination
continue
to
use
XMPP.
token-based
access
controls
for
the
GET
and
PUT
URLs,
and
server-side
enforcement
of
permissions
and
size
limits.
Implementations
may
vary,
but
XEP-0363
provides
a
consistent
mechanism
for
provisioning
upload
slots
and
sharing
downloadable
references
across
XMPP
clients.