Secure File Upload

The parameters for SecureFileUpload are:

Name Type Default Values Description
promptText string - - the title shown on the SecureFileUpload element
promptButtonText string - - the label for the file upload button
retryButtonText string - - the label for the file replace button
confirmationText string - - the label for the file confirmation button
confirmButtonText string - - the label for the flow completion button
uploadCancelledText string Upload Cancelled - the label for cancel upload button
cancelButtonText string Cancel - the label for the cancel button
confirmationFailureText string Error Processing File - the label to show if upload errors out
version string - - the version of secure file upload node to use
preventRetries string - - determines if the element should only be interacted with once or if a user can retry failed upload. Only available in version 2.
exitOnCancel boolean false true, false Only available when version=“2” and preventRetries=“true”. When true sends up a markupInteraction when a user cancels the file upload process
resizeWidth string - - if provided, the uploaded file will be resized based on the value. Value must be string without px
fileSelectionErrorText string File error: Invalid file. Please try again. - The message to display whenever fileType is set to a valid MIME type, and a file with the wrong type is selected to be uploaded.

An example of SecureFileUpload V2 markup is as follows:

Each <UploadItem> settings can be found here

The version attribute determines what version of the secure file upload node is used, the possible values are 2. If it is not present on the markup then it will default to version 1. For more information on the differences between v1 and v2 see here, SecureFileUpload V1 and here SecureFileUpload V2

The preventRetries attribute is only available in version 2.

To start using version 2 of the SecureFileUpload node please contact ServisBOT to enable version 2 for your organization.

File Type Verification

The fileType attribute can be set to a valid MIME type on any <UploadItem> to enable the rejection of files that do not match the fileType.

If fileType is set to an unrecognized MIME type, a console warning will be logged when SecureFileUpload renders, and the MIME verification will be disabled until fileType is updated to a valid MIME.

MIME type verification is only available in Version 2.

Outside of Version 2, fileType e.g. fileType="image/png" only affects the user’s file selection screen, greying out files that do not match the type, with no further checks once a file is selected.

Here are some examples of valid MIME types:

  • image/pdf - allows .pdf images only
  • image/jpeg - allows .jpeg / .jpg images only (must be image/jpeg for both cases)
  • image/* - allows any image files
  • application/pdf - allows .pdf files only

For a more comprehensive list of common MIME types, see here.

File Type Verification Process

If the fileType is a valid MIME, when a user selects a file the following is checked:

  1. The file’s magic number - some types of files contain a couple of bytes at the start of the file, which contain information about the type of file it is.
  2. The file’s extension.

Files are allowed if:

  • The file has a magic number that matches the fileType MIME.
  • The file does not have a magic number, but the file’s extension’s MIME matches the fileType. e.g. fileType="application/json" allows file.json to be uploaded.

Files are rejected if:

  • The file has a magic number, but the type it shows does not match the fileType MIME.
  • The file does not have a magic number, and the file’s extension’s MIME does not match the fileType. e.g. fileType="image/jpeg" will reject any file.txt file.
  • The file has both a magic number and a recognized file extension, but the types between them do not match.

If any files are rejected on selection, the user is able to choose another file, even with preventRetries enabled. Once the user chooses a valid file and uploads it, they can no longer retry.


Single-file SecureFileUpload on the selection of an invalid file.

Single-file SecureFileUpload verification failed

Multi-file SecureFileUpload on the selection of one invalid file, and one valid file.

Multi-file SecureFileUpload verification failed

In both cases, the user is not able to upload the files due to the errors. Once valid files are selected, the submit button appears.