Yes. Cloudinary supports several methods for handling image access control and there's an overview of several options available in our documentation here: https://cloudinary.com/documentation/control_access_to_media
We've also provided a summary below of some of those options, and which option(s) you may may be suitable will be based on your specific requirements:
- Random public IDs - Cloudinary allows generating random public ids for uploaded assets or setting your own identifier. The public ID is part of the delivery URL for an asset and because the randomly generated public id doesn't follow any pattern and cannot be guessed, it's not practical to access a file without having been provided with the URL previously by an authorized user. This is a common practice for obfuscating the URL at which an asset can be accessed, is the same way many social media sites hosts their images, and is available to all plans.
- Private images - available for all of our plans, including our free plan. You can upload images with 'private' delivery type using our API or Media Library. The original images will not be available for access by the public, but derived (transformed) copies will be publicly accessible. You can use this together with the 'Strict Transformations' mode, which allows you to define certain transformations (e.g., watermarked or resized copies) that will be made created without authentication, and all existing derived versions can be delivered to your users via our CDNs. For accessing the original images, you can download the images using an authenticated API (bypassing the CDN) or provide a signed URL to allow it. More details are available in this example from our blog: http://cloudinary.com/blog/how_to_quickly_build_a_stock_photo_site_using_cloudinary
- Authenticated images - "authenticated" original assets, as well as derived versions of those assets, are not accessible using unsigned URLs. Those images will only be accessible via signed URLs, where the signature is based on your account's `API secret` and can be created using our server-side SDKs.
- Token-Based Authentication - Available on our Advanced plan or higher. It allows you to restrict access to the images to URLs that include a valid token, and the token can allow access for a limited time, to specific IP addresses, and to a specific URL pattern (e.g. allowing access to specific assets, folders, or transformation options): https://cloudinary.com/documentation/control_access_to_media#delivering_token_based_authenticated_media_assets
- Cookie-Based Authentication - The same feature set as token authentication, but allowing you to set the authentication token in a cookie. This is available on the Advanced plan or higher and requires that your account's assets are available via your own subdomain (so the cookie can be set by your website): https://cloudinary.com/documentation/control_access_to_media#cookie_based_authentication_premium_feature
- Referral based restrictions - This feature is available for our Advanced plan or higher, and using these restrictions we can limit access to your account's assets based on the value of the HTTP "Referer" header in the requests. This can limit access to your assets to requests originating on your own website(s), or deny requests for your assets if the requests were made via specific sites.