Simplification for download of files

We’re building an integrations using web technologies. To display the thumbnail or the primary representation, we had to create a proxy which simplifies the download of the images by standard tags image or video.

<img src="..." />

or

<video>
   <source src="..." type="video/mp4">
</video>

It would be great if the urls of the media files (images, videos, …) would uses a url parameter for authentication instead of the headers authentication and x-api-key. Other solutions are using token which are valid for a certain time, afterwards the url to files invalid.

In our case, we could avoid the traffic on our servers and we could speed up the loading of files.

This is a good idea that would have the unfortunate side effect of turning all renditions into effectively publicly-accessible assets. The requirement for the auth and api-key headers tie the download to the specific client & user. Embedding that data into the link would make it easy to distribute links and, as mentioned, give them the quality of being universally accessible.

I understand the inconvenience of the additional headers, but it is critical to protect users’ assets from inadvertent or malicious misuse.

1 Like

@roche If the url of a file has a token as query parameter which is generated each time somebody requests the detail of an asset and and the token expires after 15 minutes, the security is risk is very limited.

When does someone get access to the url of image with the token: A user with existing access to image is coping the url?

After 15 minutes the url is useless.

This method is used by other DAM solutions or social networks like Facebook.

As the CC Libraries also contain Adobe Stock images, I check how I can download the images.

The Adobe Stock API adds the access token as parameter to url. :wink:

https://stock.adobe.com/Rest/Libraries/Download/112670342/1?token=AccessTokenHere