Get destination type schema

Each delivery destination supported by Bright Data has its own field set. For example, s3 requires a bucket and either an access key/secret pair or an IAM role ARN plus external ID, while sftp requires host and credential fields. Call this endpoint with the destination type you plan to use, then supply the returned fields in the deliver object when you call Update view delivery settings.

Use Get delivery options first to list the valid values you can pass as destination_type.

Example credential payloads and permissions

The values shown below are sample values. Replace them with your real credentials before sending a request. Use Get delivery options to list the supported destination_type values. Then call this endpoint with the selected destination_type and pass the required fields in the deliver object. For cloud storage destinations, Bright Data may validate that delivered files are readable after upload. Make sure the credentials include the provider-specific upload and read permissions listed below. If read permission is missing, delivery upload may succeed, but read-after-upload validation can fail.

Amazon S3

{
  "bucket": "customer-bucket",
  "region": "us-east-1",
  "credentials": {
    "access_key_id": "<AWS_ACCESS_KEY_ID>",
    "secret_access_key": "<AWS_SECRET_ACCESS_KEY>"
  }
}

Required permissions:

s3:PutObject
s3:GetObject

For restrictive multipart upload policies, multipart-related permissions may also be required, such as s3:AbortMultipartUpload and s3:ListMultipartUploadParts.

Amazon S3 with IAM role

{
  "bucket": "customer-bucket",
  "region": "us-east-1",
  "use_dca_delivery_role": true,
  "assume_role": {
    "role_arn": "arn:aws:iam::<account-id>:role/<role-name>",
    "external_id": "<external-id>"
  }
}

Required permissions:

s3:PutObject
s3:GetObject

For restrictive multipart upload policies, multipart-related permissions may also be required, such as s3:AbortMultipartUpload and s3:ListMultipartUploadParts. The IAM role trust policy must allow Bright Data’s delivery role to assume the customer role using the provided external ID.

Azure Blob Storage

{
  "container": "customer-container",
  "credentials": {
    "account": "<storage-account-name>",
    "key": "<storage-account-key>"
  }
}

Required permissions:

blob create/write permission for upload
blob read permission for read-after-upload validation

Azure Blob Storage with SAS token

{
  "container": "customer-container",
  "credentials": {
    "account": "<storage-account-name>",
    "sas_token": "<sas-token>"
  }
}

Required SAS permissions:

r, read, required for read-after-upload validation
c, create, required for creating new blobs
w, write, required for uploading blob content

Google Cloud Storage

{
  "bucket": "customer-bucket",
  "credentials": {
    "type": "service_account",
    "project_id": "<gcp-project-id>",
    "private_key_id": "<private-key-id>",
    "private_key": "-----BEGIN PRIVATE KEY-----\\n...\\n-----END PRIVATE KEY-----\\n",
    "client_email": "<service-account>@<project>.iam.gserviceaccount.com",
    "client_id": "<client-id>"
  }
}

Required permissions:

storage.objects.create
storage.objects.get

Ali OSS

{
  "bucket": "customer-bucket",
  "region": "oss-eu-central-1",
  "endpoint": "oss-eu-central-1.aliyuncs.com",
  "credentials": {
    "access_key_id": "<ALI_ACCESS_KEY_ID>",
    "secret_access_key": "<ALI_SECRET_ACCESS_KEY>"
  }
}

Required permissions:

oss:PutObject
oss:GetObject

For restrictive multipart upload policies, multipart-related permissions may also be required.

SFTP

{
  "host": "sftp.customer.example.com",
  "port": 22,
  "username": "<username>",
  "password": "<password>",
  "path": "/incoming"
}

Or with SSH key:

{
  "host": "sftp.customer.example.com",
  "port": 22,
  "username": "<username>",
  "ssh_key": "-----BEGIN PRIVATE KEY-----\\n...\\n-----END PRIVATE KEY-----\\n",
  "passphrase": "<private-key-passphrase>",
  "path": "/incoming"
}

Required permissions:

SSH/SFTP login permission for the configured user
write permission to the configured destination path
create file permission in the configured destination path

Webhook

{
  "url": "https://customer.example.com/delivery",
  "auth": "Bearer <token>",
  "compress": "gzip"
}

Requirements:

the endpoint must accept POST requests
the endpoint must return a 2xx response after receiving the payload
for large deliveries, use cloud storage delivery instead of webhook

Authorizations

Authorization

string

header

required

Use your Bright Data API Key as a Bearer token in the Authorization header.

How to authenticate:

Obtain your API Key from the Bright Data account settings at https://brightdata.com/cp/setting/users
Include the API Key in the Authorization header of your requests
Format: Authorization: Bearer YOUR_API_KEY

Example:

Authorization: Bearer b5648e1096c6442f60a6c4bbbe73f8d2234d3d8324554bd6a7ec8f3f251f07df

Learn how to get your Bright Data API key: https://docs.brightdata.com/api-reference/authentication

Path Parameters

destination_type

string

required

The identifier of the delivery strategy. Supported values: api_pull, webhook, email, gcs, gcp_pubsub, s3, snowflake, ali_oss, sftp, azure.

Example:

"s3"

Response

Schema for the requested destination type

name

string

properties

object

Overview

Products

Administrative API

Example credential payloads and permissions

Amazon S3

Amazon S3 with IAM role

Azure Blob Storage

Azure Blob Storage with SAS token

Google Cloud Storage

Ali OSS

SFTP

Webhook

Authorizations

Path Parameters

Response

Overview

Products

Administrative API

Documentation Index

​Example credential payloads and permissions

​Amazon S3

​Amazon S3 with IAM role

​Azure Blob Storage

​Azure Blob Storage with SAS token

​Google Cloud Storage

​Ali OSS

​SFTP

​Webhook

Authorizations

Path Parameters

Response

Example credential payloads and permissions

Amazon S3

Amazon S3 with IAM role

Azure Blob Storage

Azure Blob Storage with SAS token

Google Cloud Storage

Ali OSS

SFTP

Webhook