A Node.js service that extracts binary content from Paragon Managed Sync and automatically uploads it to Amazon S3.
This service handles the complete sync lifecycle including initial syncs, incremental updates, and webhook events.
- Node.js 20+ (for local development)
- Docker (for containerized deployment)
- AWS account with S3 bucket and credentials
- Paragon account with Managed Sync enabled
-
Install dependencies:
cd paragon-sync-extractor/ npm install -
Create
.envfile:cp .env.example .env
-
Configure environment variables in
.env:From AWS:
AWS_ACCESS_KEY_ID=your_aws_access_key_id AWS_SECRET_ACCESS_KEY=your_aws_secret_access_key AWS_S3_BUCKET_NAME=your_s3_bucket_name AWS_REGION=us-east-1
From Paragon:
PARAGON_PROJECT_ID="your_paragon_project_id" PARAGON_SIGNING_KEY="-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n"
-
Start the service:
npm run dev
-
Enable a sync:
Call the Enable Sync endpoint, changing the base URL from
https://sync.useparagon.comto the hostname of the running uploader service (e.g. http://localhost:3000).This uploader service, when deployed, becomes the new base URL that is used when calling Managed Sync endpoints.
curl --request POST \ --url http://localhost:3000/api/syncs \ --header 'Authorization: Bearer <Paragon User Token>' \ --header 'Content-Type: application/json' \ --data '{ "integration": "googledrive", "pipeline": "files", "configuration": {}, "configurationName": "<string>" }'
All API endpoints (except /health and /api/webhooks) require authentication via the Authorization header with a Paragon User Token.
The API is identical to the Managed Sync API documented here, forwarding all requests directly if not handled by this uploader service.
This service overrides the Enable Sync endpoint to track created syncs in an S3-persisted state file.
Include the Paragon User Token in the Authorization header:
Authorization: Bearer <your_paragon_user_token>
The token will be validated with your signing key before processing any request.