Yes. Cloudinary supports several methods for handling image access control and there's an overview of several options available in our documentation here: https://cloudinary.com/documentation/control_access_to_media
Below is a summary of some of these options, and the suitability of these will depend on your use cases and requirements:
- Random public IDs - Cloudinary allows generating random public ids for uploaded assets or setting your own identifier. The public ID is part of the delivery URL for an asset and because the randomly generated public id doesn't follow any pattern and cannot be guessed, it's not practical to access a file without having been provided with the URL previously by an authorized user. This is a common practice for obfuscating the URL at which an asset can be accessed, is the same way many social media sites hosts their images, and is available to all plans.
- Private images - available for all of our plans, including our free plan. You can upload images with 'private' delivery type using our API or Media Library. The original images will not be available for access by the public, but derived (transformed) copies will still be publicly accessible. You can use this together with the 'Strict Transformations' mode, which limits access to only derived images with transformations that have been whitelisted by you, making it so the public cannot simply take your URL and add random transformations to see the images and also increase your transformation count. To enable 'Strict Transformations', please navigate to your account's "Security" settings tab. For accessing original images, you can download the images using an authenticated API (bypassing the CDN) or provide a signed URL to allow it. More details are available in this example from our blog: http://cloudinary.com/blog/how_to_quickly_build_a_stock_photo_site_using_cloudinary
- Authenticated images - "authenticated" original assets, as well as derived versions of those assets, are not accessible using unsigned URLs. These images are only accessible via URLs with signatures in them, where the signature is based on your account's `API secret` and can be created using our server-side SDKs.
- Token-based authentication - available on our Advanced plan or higher. Allows you to restrict access to the images to URLs that include a valid token, and the token can allow access for a limited time, to specific IP addresses, and to a specific URL pattern (e.g. allowing access to specific assets, folders, or transformation options).
- Cookie-based authentication - available on our Advanced plan or higher. Has the same feature set as token-based authentication, but allows you to set the authentication token in a cookie. Requires that your account's assets are available via your own subdomain (so the cookie can be set by your website).
- Referral-based restrictions - available on our Advanced plan or higher. Limits access to your account's assets based on the value of the HTTP "Referer" header in the requests. This can limit access to your assets to requests originating on your own website(s), or deny requests for your assets if the requests were made via specific sites.