As a banking provider, a lot of files provided contain personally identifiable information and this means they have to be stored with privacy ad the safety of users in mind; thus, when files are uploaded, they aren't streamed through our servers but directly streamed to storage where they're stored privately.
File Storage Privacy
All file uploads will create the files in storage in "private" mode unless explicitly requested to be stored in "public" mode.
To gain access to upload files to our storage, permission needs to be requested from the API; when permission is granted, a signed upload URL is provided to the requester which can then be used to store the file.
Since the files are stored privately, trying to access them using the file URL will always throw an access denied error; so when read access is required on a file that was privately stored, permission is also requested to view the file and a signed download URL is returned from the API.
Be aware that these presigned URLs have an expiry on them whether it's for upload or download.
If the URL expires, it's trivial to request another presigned URL so you can retry the operation.