Yes. Cloudinary supports several methods for handling image access control. You can choose the method that best suits your needs:
- Random public IDs - Cloudinary allows generating random photo ids (URLs) for uploaded photos or setting your own photo IDs. Since the URL is impossible to guess, it will only be available publicly if the owner of the photo can access his image's URL and share it with others. This is a common practice (it's the same way Facebook hosts your images) and is available to all plans.
- Private images - available for all of our free and paid plans. You can upload images as 'private'. The original images are not available for access by the public. Together with the 'Strict Transformations' mode, you can define certain transformations (e.g., thumbnail) that are available to the public and delivered to your users through a fast CDN. For the less common case of accessing the original images, you can download the images using an authenticated API (bypassing the CDN). More details are available in this blog post: http://cloudinary.com/blog/how_to_quickly_build_a_stock_photo_site_using_cloudinary
- Authenticated images - authenticated originals, as well as its derivatives, will be totally inaccessible using unsigned URLs. Those images will only be delivered against an `API-SECRET` based signed URLs.
We also support time-based expiring URLs, which is now supported via our Akamai CDN, available for our Pro plans and higher (as it requires a few setup steps on our side and yours). For more information please contact us.
- Referral based Whitelisting / Blacklisting - This feature is available for our Premium plans only. In addition, a custom CNAME must be set-up for your account for this to work. You need to let us know the domains you want to be whitelisted for your account and following a short manual configuration on our side, any request for access to an image that does not come from a domain on the whitelist will be denied. Likewise, any request for access to an image that comes from a domain on the blacklist will be denied.