Create one-time url for authenticated media files?

Options
Gonzalo
Gonzalo Member Posts: 2
edited June 13 in Developer APIs

I'm uploading authenticated images/videos, using my backend (get the signature) and then upload images/videos using React.
For security purposes, I'd like to have a one-time link to each image on my website to prevent any person to inspect the page, take the image url, paste in the browser and download it. Or even share the link with another person…

Or maybe there is another security mechanism to prevent this?

Answers

  • Cloudinary Team
    Cloudinary Team Administrator, Cloudinary Staff Posts: 141 admin
    Options

    Hi Gonzalo,

    We dont have a one-time link option but we do offer Cookie-based and Token-based Authentication for our Premium customers.

    The validity of the token can be restricted in the following ways:

    • To a specific time frame or expiration date
    • To a specific IP address
    • To a specific pattern ACL (Access Control List)
    • To a specific user (session)

    To learn more: https://cloudinary.com/documentation/control_access_to_media#token_based_authentication_premium_feature

    Regards,
    Akshay

    Helpful Links For You
    💬 Share questions, connect with other users in our Cloudinary Community forums and Discord server!
    🧑‍🎓 Join our Cloudinary Academy for free courses, workshops and other educational resources.
    📄 Read our documentation for in-depth details on Cloudinary product features and capabilities
    📰 Check out the Cloudinary blog for the latest company news and insights

  • Gonzalo
    Gonzalo Member Posts: 2
    Options

    Thanks for your answer, Akshay.
    I'm exploring Cloudinary features and I'd like to know if there is a way to restrict access to assets on the free plan.
    I noticed that when uploading an asset as "authenticated", 2 different urls are generated: the "original" and "optimize and deliver", meaning 2 different "—s-XXXXXXX—" created. Where can I find the key for "optimize and deliver" url? I need to save it in my database.

    Besides, I can start using my first version with all public assets, but for sure I need to switch to restricted access at some point. Is that possible with many assets already uploaded as public?

  • Tom
    Tom Member, Cloudinary Staff Posts: 85
    Options

    Hi @Gonzalo ,

    Thanks for getting back.

    So using delivery type of authenticated is the way to restrict access on a free plan.

    Where do you see the the optimize and deliver URL , usually the upload response has no such field so I'm guessing this is something the React SDK returns? And can you clarify what you mean by find the key for "optimize and deliver" url?

    Yes, you can use the rename API to update existing assets to authenticated.

    Kind Regards,

    Thomas