Yes. Cloudinary supports several methods for handling image access control and there's an overview of several options available in our documentation here: https://cloudinary.com/documentation/control_access_to_media
We've also provided a summary below of some of those options. Which option(s) may be suitable will depend on your specific requirements:
- Random public IDs - Cloudinary allows generating random public IDs for uploaded assets or setting your own identifier. The public ID is part of the delivery URL for an asset, and because a randomly generated public ID doesn't follow any pattern and cannot be guessed, it's not practical to access a file without having been provided with the URL previously by an authorized user. This is a common practice for obfuscating the URL at which an asset can be accessed, is the same way many social media sites host their images, and is available to all plans.
- Private images - available for all of our plans, including our free plan. You can upload images with the 'private' delivery type using our API or Media Library. The original images will not be available for access by the public, but derived (transformed) copies will be publicly accessible. You can use this together with the 'Strict Transformations' mode, which allows you to define certain transformations (e.g., watermarked or resized copies) that can be created without authentication, and all existing derived versions can be delivered to your users via our CDNs. For accessing the original images, you can download the images using an authenticated API (bypassing the CDN) or provide a signed URL to allow it. More details are available in this example from our blog: http://cloudinary.com/blog/how_to_quickly_build_a_stock_photo_site_using_cloudinary
- Authenticated images - "authenticated" original assets, as well as derived versions of those assets, are not accessible using unsigned URLs. Those images will only be accessible via signed URLs, where the signature is based on your account's `API secret` and can be created using our server-side SDKs.
- Token-Based Authentication - Available on our Advanced plan or higher. It allows you to restrict access to the images to URLs that include a valid token, and the token can allow access for a limited time, to specific IP addresses, and to a specific URL pattern (e.g. allowing access to specific assets, folders, or transformation options): https://cloudinary.com/documentation/control_access_to_media#delivering_token_based_authenticated_media_assets
- Cookie-Based Authentication - The same feature set as token authentication, but allowing you to set the authentication token in a cookie. This is available on the Advanced plan or higher and requires that your account's assets are available via your own subdomain (so the cookie can be set by your website): https://cloudinary.com/documentation/control_access_to_media#cookie_based_authentication_premium_feature
- Referral based restrictions - This feature is available for our Advanced plan or higher, and using these restrictions we can limit access to your account's assets based on the value of the HTTP "Referer" header in the requests. This can limit access to your assets to requests originating on your own website(s), or deny requests for your assets if the requests were made via specific sites.
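As an added illustration (not Cloudinary's own code and not part of the original article), the Python sketch below shows why an "authenticated" URL cannot be altered or forged without the API secret: the signature covers both the transformation and the public ID. The string-to-sign layout and the `s--...--` URL component are assumptions modelled on the default behaviour of Cloudinary's open-source SDKs, and the cloud name and secret are constructed placeholders; for real URLs, generate the signature on your server with the SDK's `sign_url` option.

```python
import base64
import hashlib
import hmac

# Constructed placeholder values, not real credentials.
CLOUD_NAME = "example-cloud"
API_SECRET = "constructed-secret-keep-on-the-server"
MARKER = "/image/authenticated/"


def url_signature(to_sign: str, api_secret: str) -> str:
    """Return the s--XXXXXXXX-- URL component for a string to sign.

    Assumption: SHA-1 over (string to sign + secret), URL-safe base64,
    first 8 characters, as the SDKs do by default.
    """
    digest = hashlib.sha1((to_sign + api_secret).encode("utf-8")).digest()
    return "s--" + base64.urlsafe_b64encode(digest)[:8].decode("ascii") + "--"


def signed_url(public_id: str, transformation: str = "") -> str:
    """Build a delivery URL for an 'authenticated' image (server side only)."""
    to_sign = "/".join(part for part in (transformation, public_id) if part)
    sig = url_signature(to_sign, API_SECRET)
    return f"https://res.cloudinary.com/{CLOUD_NAME}{MARKER}{sig}/{to_sign}"


def is_valid(url: str) -> bool:
    """Re-derive the signature as the delivery side would and compare."""
    _, found, tail = url.partition(MARKER)
    sig, _, to_sign = tail.partition("/")
    if not found or not sig or not to_sign:
        return False
    expected = url_signature(to_sign, API_SECRET)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(sig.encode("utf-8"), expected.encode("utf-8"))


if __name__ == "__main__":
    good = signed_url("invoices/2024-001.jpg", "w_300,c_fill")
    print(good, is_valid(good))
    # Changing the transformation without re-signing invalidates the URL.
    tampered = good.replace("/w_300,c_fill/", "/w_3000,c_fill/")
    print(tampered, is_valid(tampered))
```

Because the secret is an input to the signature, it must never be shipped inside a web page or mobile app; the client should request ready-made signed URLs from your backend.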
Comments
Thanks for these tips. We're looking for a way to ensure our images are not accessed outside the mobile app that we are developing. Is there some way of testing the 'authenticated images' through some demo cloud/site/images that Cloudinary can host, and provide authentication details for test purposes? That way, we can develop the app and upgrade to the advanced plan only when the app goes live.
So how do I do this in the web?
You have just talked about all that we can do, but you didn't say how to do it (?)
I cannot find any option anywhere to make my uploaded images private by default.
Where is the option in the web UI?
Hi Paolo,
Check out this documentation about uploading resources with different type preferences: http://cloudinary.com/documentation/upload_images#control_access_to_images
Which plan is Premium? Is it any paid plan?
Our premium (or enterprise) plan is indeed a paid plan. Since it is fully customizable and tailored to the user's needs, you could contact us at the link below, letting us know you are interested in that plan, and we will get back to you.
http://cloudinary.com/contact?reason=join