How Filestack Works

Infrastructure and Interface

In order to provide customers and their users with low latency and maximum performance, Filestack maintains global infrastructure with a main data center and database hosted in North Virginia, USA. In addition, all systems are built to ensure maximum reliability, scalability, performance, and security.

Filestack currently handles billions of uploads, transformations, and downloads every month. Our goal is to provide a safe and secure system allowing users to manage their files in fast with no errors.

All Filestack features are currently available over HTTP protocol through carefully crafted UI integrations (web and native) and APIs.

Uploads and Storage

Filestack, by default, stores your files in its own S3 bucket hosted in N.Virginia. Still, you can use your own S3 bucket (in any region) or any other storage provider we have integrated with (Google Cloud Storage, Dropbox, Rackspace, Azure). This also applies to files uploaded programmatically using Filestack’s SDKs and REST API.

When your users upload files, most of the time, bytes will be sent directly from the browser to the S3 bucket. This is important for performance and compliance reasons. However, if you decide to use storage other than S3, your files will first get stored in Filestack’s S3 bucket, and then they will be moved asynchronously to your destination storage.

Suppose your users want to upload files from cloud integrations in the File Picker. In that case, they must authenticate with the selected service first and authorize the OAuth2 application to access their resources. Once done, the Filestack backend will download selected files from the cloud integration API and store them in your storage.

You will receive a unique URL for every uploaded file pointing to Filestack CDN. You can use that URL in your application (as is or transformed using Filestack Processing API).

The unique part of the URL is what we call handle. This is the unique identifier of the file in the Filestack system. You can use the handle when you interact with Filestack REST API and, for example, get file metadata or remove it from the system if no longer needed.

Where to go for more information:

Delivery and Transformations

As mentioned above, once the file is uploaded, you will receive a unique URL that you can use to deliver and transform that file in your application. When a user requests your file (or its transformed version), Filestack’s backend will download it from the storage location and deliver it using Content Delivery Network to your users. CDN consists of a global network of servers that temporarily cache your files so that they are not downloaded from Filestack (and your storage) every time someone requests it. Instead, they are delivered from the cache server closer to the user. This ensures great performance, low latency, and reduced data transfer fees.

Files are cached in the CDN for 30 days (with some exceptions), but you can change that behavior using Processing API. Also, if you transform your files, the result of the transformation is kept for 30 days in Filestack’s internal cache layer. File transformations are computationally expensive, so we keep those results to improve performance and your users’ experience.

You don’t have to upload files with Filestack to use our CDN and Processing API. You can use any file available over HTTP protocol in the public network, or you can configure Storage Alias to let you use files from your existing storage without needing to re-upload them.

Where to go for more information:

Security and Data Protection

Security and Data Protection are very important to us at Filestack. We ensure that our infrastructure is secured and that your data is kept safe.

Because we often deal with user-generated content, security, and data protection are shared responsibilities. Therefore, by default, your Filestack integration is public. It means there are no constraints on where your files are uploaded and delivered from. That’s why Filestack provides its customers with a set of tools like (Security Policies and Domain Whitelists) that allow for complex and granular control over what, where, and when can be done (and by whom).

Filestack is compliant with GDPR and Privacy Shield.

Where to go for more information: