URL Deploys
URL deploys let Press.js Cloud render a Press.js document application that is already hosted at an absolute HTTP or HTTPS URL. Instead of uploading built artifacts into Press.js Cloud, you point the deploy at that hosted Press.js target and submit render jobs against it.
Use a URL deploy when your Press.js document app is built and deployed by another system, or when the same hosted Press.js application should be rendered by Press.js Cloud without managing deploy versions in Cloud.
The target URL must serve a built Press.js document app, the same kind of app you render locally with press render.
For example, the hosted Press.js target can be served from Cloudflare Pages, Vercel, or a custom domain.
How URL deploys work
Section titled “How URL deploys work”A URL deploy stores a targetUrl on the deploy. Render jobs use deployVersionId: "latest" and load the configured target URL directly.
URL deploys differ from managed deploys in a few important ways:
| Capability | Managed deploy | URL deploy |
|---|---|---|
| Artifact uploads | Yes | No |
| Deploy versions | Yes | No |
| Aliases | Yes | No |
| Render target | Uploaded version route | Hosted Press.js target URL |
| Render payload, env, and secrets | Yes | Yes |
When a render job is created, Press.js Cloud snapshots the current target URL into the job. If you update the deploy target later, existing jobs keep rendering the URL they were created with.
External access policy
Section titled “External access policy”URL deploy rendering is external network access. It follows the workspace plan’s external access policy, render timeout, concurrency, output retention, and storage limits.
Free workspaces cannot render external Press.js target URLs. Paid workspaces can render external Press.js targets subject to the normal render limits.
Create a URL deploy
Section titled “Create a URL deploy”From the dashboard, choose New Deploy, select URL, then enter the hosted Press.js target URL.
From the CLI:
press deploys create \ --slug hosted-report \ --name "Hosted Report" \ --type url \ --target-url https://app.example.com/reportFrom the REST API:
curl -X POST "$PRESS_CLOUD_API/v1/deploys" \ -H "Authorization: Bearer $PRESS_CLOUD_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "slug": "hosted-report", "name": "Hosted Report", "type": "url", "targetUrl": "https://app.example.com/report" }'Update the target
Section titled “Update the target”Changing the target URL affects future render jobs only.
press deploys update dep_abc123 --target-url https://app.example.com/report-v2curl -X PATCH "$PRESS_CLOUD_API/v1/deploys/dep_abc123" \ -H "Authorization: Bearer $PRESS_CLOUD_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "targetUrl": "https://app.example.com/report-v2" }'Render a URL deploy
Section titled “Render a URL deploy”Submit render jobs with deployVersionId: "latest":
curl -X POST "$PRESS_CLOUD_API/v1/render-jobs" \ -H "Authorization: Bearer $PRESS_CLOUD_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "deployId": "dep_abc123", "deployVersionId": "latest", "payload": { "customer": "Acme Corp" }, "outputMode": "transient" }'The hosted page can still read render payloads, environment variables, and secrets through the normal pressCloud runtime APIs.
Protected targets
Section titled “Protected targets”Some hosted Press.js targets require machine-to-machine authentication. Configure the required credentials as deploy secrets from the deploy settings. Press.js Cloud keeps deploy secrets encrypted and write-only, then uses supported secret conventions during render.
Credential headers are sent only when the request origin matches the deploy target URL origin.
Basic AuthAuthorization header
For targets protected by HTTP Basic authentication, add these deploy secrets:
| Deploy secret | Used for |
|---|---|
BASIC_AUTH_USERNAME | Username in the Basic Auth credential pair |
BASIC_AUTH_PASSWORD | Password in the Basic Auth credential pair |
During render, Press.js Cloud sends Authorization: Basic <base64(username:password)> to the target origin.
Cloudflare AccessService token headers
For targets protected by Cloudflare Zero Trust Access service tokens, add these deploy secrets:
| Deploy secret | Header sent to the target origin |
|---|---|
CF_ACCESS_CLIENT_ID | CF-Access-Client-Id |
CF_ACCESS_CLIENT_SECRET | CF-Access-Client-Secret |
Rotate these values from the target provider first, then update the deploy secrets before submitting new render jobs.