Yes. Cloudinary supports several methods for handling image access control. You can choose the method that best suits your needs:
- Random public IDs - Cloudinary allows generating random photo ids (URLs) for uploaded photos or setting your own photo IDs. Since the URL is impossible to guess, it will only be available publicly if the owner of the photo can access his image's URL and share it with others. This is a common practice (it's the same way Facebook hosts your images) and is available to all plans.
- Private images - available for all of our free and paid plans. You can upload images as 'private'. The original images are not available for access by the public. Together with the 'Strict Transformations' mode, you can define certain transformations (e.g., thumbnail) that are available to the public and delivered to your users through a fast CDN. For the less common case of accessing the original images, you can download the images using an authenticated API (bypassing the CDN). More details are available in this blog post: http://cloudinary.com/blog/how_to_quickly_build_a_stock_photo_site_using_cloudinary
- Authenticated images - authenticated originals, as well as its derivatives, will be totally inaccessible using unsigned URLs. Those images will only be delivered against an `API-SECRET` based signed URLs.
- Token-Based Authentication - Available on the Advanced plan or higher. It allows you to limit the validity of the image delivery URL to a specific time frame. For more information - https://cloudinary.com/documentation/image_transformations#token_based_authentication.
- Cookie-Based Authentication - Available on the Advanced plan or higher and requires a CNAME set for the account. It allows you to limit the delivery of authenticated images so that only users with a valid cookie have access. For more information - https://cloudinary.com/documentation/image_transformations#cookie_based_authentication.
- Referral based Whitelisting / Blacklisting - This feature is available for the Advanced plan or higher. In addition, a custom CNAME must be set-up for your account for this to work. You need to let us know the domains you want to be whitelisted for your account and following a short manual configuration on our side, any request for access to an image that does not come from a domain on the whitelist will be denied. Likewise, any request for access to an image that comes from a domain on the blacklist will be denied.