This support forum is no longer in use. Please use the Cloudinary Community at to receive assistance from other members of the community and from Cloudinary's support team. For account-specific questions or if you believe that you've encountered a bug, please contact the Cloudinary team directly via the "submit a request" option on this support site.

Avoid anyone with a signed url link to access the asset



  • Avatar
    Danny Valentine
    Hey. Thanks for getting in touch.

    Signed URLs are great for ensuring that people can't create new transformations on-the-fly, such as taking an asset from your website/application and applying resizing and effects. Signed URLs aren't actually designed to prevent access to media assets outside of your site/app though. Anybody with the URL will be able to see that asset regardless of location, useragent, etc, and this is done by design.

    It sounds like what you're after is authenticated access via token or cookie based authentication, however this is only available to customers on one of our advanced plans. If you'd like to proceed with this, please  raise a support ticket and we can set up a conversation with an account manager.

    With regards to your second and third questions about providing time-limited access via signed_download_url, this is actually for downloading assets rather than displaying them, and as such, transformations can't be applied. To give a use-case example: a digital artist might have watermarked images displayed on their site in low quality using a strict transformation. If a user wanted to buy the image, the private download URL could be generate to provide the full-resolution, unwatermarked image.

    I hope this helps. Please let us know if you have any questions.

    Comment actions Permalink
  • Avatar
    gStudio Team

    Got it, thanks for the answer!

    Comment actions Permalink

Post is closed for comments.