    There's an overview of different access control options available here in our documentation, and it includes information about restricting how new derived assets can be created in your account and how access to retrieve existing assets can be controlled:

    At a high level, there are two sets of features to look at.

    To protect the original files and control how derived (transformed) versions of your assets can be created, the features to look at are 'private' images (protects the original) and 'strict transformations' (controls how new versions can be created). This can be done on any plan including our free plan.


    To control how access can be made to existing derived images also, the 'authenticated' type requires authentication to be provided when requesting images.

    This would require a signature in the URL in order to access those assets. Since you are requesting those assets from your server to Cloudinary, they shouldn't really be exposed to your end-users. If a user gets that URL with that signature, they will be able to access the file as well.


    There are different forms this authentication can take depending on your account's plan and your exact requirements; some options require our Advanced plan or higher, and some, like cookie authentication, require that a custom domain is used for delivery. There's a breakdown here:
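An added illustration of the signed-URL point made earlier in this answer (not part of the original answer and not Cloudinary's SDK code). It assumes the SHA-1 scheme used by Cloudinary's open-source SDKs for `s--…--` signatures (first 8 characters of the URL-safe base64 digest of the signed path plus the API secret), simplified to omit version and format handling; the cloud name, secret, public ID and the helper names are constructed for the example.

```python
import base64
import hashlib
import hmac

# Constructed sample values; not real credentials or assets.
CLOUD_NAME = "demo-cloud"
API_SECRET = "constructed-secret-for-illustration"


def sign_component(to_sign: str, api_secret: str = API_SECRET) -> str:
    """Return the `s--XXXXXXXX--` URL component for a transformation/public-ID path."""
    digest = hashlib.sha1((to_sign + api_secret).encode("utf-8")).digest()
    return "s--" + base64.urlsafe_b64encode(digest).decode("ascii")[:8] + "--"


def signed_url(public_id: str, transformation: str = "") -> str:
    """Build a delivery URL for an 'authenticated' asset (simplified layout)."""
    to_sign = "/".join(p for p in (transformation, public_id) if p)
    return (f"https://res.cloudinary.com/{CLOUD_NAME}/image/authenticated/"
            f"{sign_component(to_sign)}/{to_sign}")


def signature_is_valid(url: str, api_secret: str = API_SECRET) -> bool:
    """Model of the delivery-side check: recompute the signature and compare."""
    marker = "/image/authenticated/"
    if marker not in url:
        return False
    presented, _, to_sign = url.split(marker, 1)[1].partition("/")
    expected = sign_component(to_sign, api_secret)
    # Constant-time comparison; note that nothing here identifies the requester.
    return hmac.compare_digest(presented.encode("utf-8"), expected.encode("utf-8"))


if __name__ == "__main__":
    url = signed_url("reports/q3.jpg", "w_300,c_fill")
    print(url)
    # Valid for whoever presents it: the signature covers the path only.
    print(signature_is_valid(url))
    # Changing the transformation invalidates the signature.
    print(signature_is_valid(url.replace("w_300", "w_3000")))
```

The signature binds the transformation and public ID to the account secret, so it stops new variants from being requested but does not limit who can replay a URL that has already been issued.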

