# Uploading Compliance Documents

The Controls API enables users to upload supporting evidence to a control period and securely store it in their connected Cloud Storage Provider (CSP). The following steps outline how to upload documents to a control.

#### Step 1: Obtain a pre-signed S3 URL

Use the Controls API to obtain a pre-signed S3 URL. The period parameter is required and ensures the desired period is not locked.

Example:


```
curl -X GET \
 'https://fq-api.floqast.app/api/v1/controls/<id>/upload-url/january-2025' \
 -H 'x-api-key: <your_api_key_here>'
```

A successful call will return a response with this shape.


```
    "data": {
        "uploadUrl": "https://automation-large-payload-store.s3...",
        "fileKey": "f123abcd-1234-4565-99a1-22eg0ba2277e"
    }
}
```

#### Step 2: Upload file to S3

Using the pre-signed URL from the previous step, upload a file to the temporary S3 bucket using a PUT request.

Example:


```
curl -X PUT -T "document to upload.txt" "https://automation-large-payload-store.s3..."
```

#### Step 3: Upload file to CSP and metadata to FloQast

Using the Controls API, send a POST request to upload your file from S3 to your connected Cloud Storage Provider (CSP) and synchronize it with FloQast. The request body must include the fileName, the fileKey obtained in the previous step, and the period associated with the target control.

Example:


```
curl -X POST \
  'https://fq-api.floqast.app/api/v1/controls/<id>/documents' \
  -H 'x-api-key: your_api_key_here' \
  -d '{
    "fileName": "evidence-document.xlsx",
    "fileKey": "f123abcd-1234-4565-99a1-22eg0ba2277e",
    "period": {
        "month": "january",
        "year": "2025"
    }
}'
```