Resource Bindings API

Bindings are a way to expose external resources to a script that can be managed outside the script code (currently: text secrets, API keys, CryptoKeys - stay tuned for more!).

To upload bindings, use the script upload endpoint with a multipart/form-data request body, as follows.

Every such body has at least two parts: the script itself, and a JSON definition of its metadata. The metadata follows this schema:

  "body_part": string,
  "bindings": array,

where each element of bindings defines a resource binding. There are different types of resource bindings, each with their own definition schema. We’ll get into that later.

The body_part attribute is a reference to the request body part that contains the script itself. This is best explained with an example. Let’s say we have written our metadata as such:

// metadata.json

  "body_part": "script",
  "bindings": []

Note this metadata does not define any bindings. We’ll add some soon.

This metadata does declare that the script body will be found in a part named script. The metadata itself must always be in a part named metadata. So, if we have our script saved to a local file script.js, we issue our request with:

curl -X PUT "" \  # for multi-script, .../workers/scripts/:script_name
  -H "X-Auth-Key:ACCOUNT_AUTH_KEY" \
  -F "[email protected];type=application/json" \
  -F "[email protected];type=application/javascript"

And that’s it! We have child pages detailing each kind of resource binding and how to add it to this command. Please consult them to add the resource bindings you need.