Python getting restricted access control assets

ASimpson
ASimpson Member Posts: 4
edited July 2023 in Developer APIs

Hi all, i'm implementing cloudinary as part of a project for a client, as part of that implementation I need to generate cuts of images on the fly which works fine when the image access control is set to public but as soon as the access control is set to restricted any URL I get from my function either 404's or 500's

/image/private/t_323x182-fit/cricket.jpg?__cld_token__=exp=1689755875~hmac=20c2f06ddee9bd3186eed12eda6e65db32718dd6b68375b5abd651bd4e1d3e44

I've been following this

https://cloudinary.com/documentation/control_access_to_media#delivering_token_based_authenticated_media_assets

and got the below code

cloudinary.CloudinaryImage(asset).build_url(

transformation=[transform],

type = "private",

auth_token = dict(key = createToken(), duration = 2400),

sign_url = True

)


this is the token function

dt = datetime.now()

ts = datetime.timestamp(dt)

token = cloudinary.utils.api_sign_request(dict(timestamp = ts), SECRETS.get("api_secret"))


I've not really found the docs straight forward in how to access the restricted assets

Comments

  • Vdeub
    Vdeub Member, Cloudinary Staff Posts: 52

    Hi @ASimpson,

    May I ask you to create a ticket to support@cloudinary.com?

    The key to generate the auth_token is a key we have to share with you so until you don't have it, you can't generate the token authentication when delivering a URL.

    Thanks,

    Loic

  • ASimpson
    ASimpson Member Posts: 4

    @Vdeub ah thank you, I'll raise this internally first just in case we've already got it somewhere.


    So how would i use that key once i've got it? Do I just put it in `auth_token = dict(key = createToken(), duration = 2400),` as part of the call to get the image? Or is something else needed for it.

  • Vdeub
    Vdeub Member, Cloudinary Staff Posts: 52

    @ASimpson , your code will just become:

    cloudinary.CloudinaryImage(asset).build_url(
    
    transformation=[transform],
    
    type = "private",
    
    auth_token = dict(key = "xxx", duration = 2400),
    
    sign_url = True
    
    )
    

    Where xxx is the authentication key that needs to be shared with you.

  • ASimpson
    ASimpson Member Posts: 4

    @Vdeub thought so thank you.


    Just to be 100% sure the key used there for the auth token is different to the API Key and API Secret on the console dashboard?

  • Vdeub
    Vdeub Member, Cloudinary Staff Posts: 52

    @ASimpson, that's right - it is an authentication_key that can only be generated on our side.

  • ASimpson
    ASimpson Member Posts: 4

    @Vdeub awesome thank you for the help