Securing assets and files such as PDFs and images

I have a project that uses Contentful and I have two different environments. I do not serve the front-end directly from Contentful. I have a BFF (Back-end for front-end), which is an app that talks to Contentful and serves JSON data to the front-end. On our BFF I use Contentful’s API keys for the two different environments that I have defined on Contentful.

There are some media assets like PDFs that I keep on Contentful and I would like to secure them, because when a content item is served to the front-end through the BFF from Contentful, the front-end can see the file URL, and everyone with that file URL can access the file whether they are logged in or not.

Is there any way that I can secure the files?

Do assets’ URLs have a limited lifetime? If yes, how long is that lifetime? And is it possible to change the URL’s lifetime?

Hi @ama,

The URLs (in this case of a PDF) do not change for the asset, therefore it’s not possible to change the URL’s lifetime. One possible solution could be to write a small ‘proxy’ script in your BFF that would allow you to verify the credentials of the user. The proxy script should just download the file locally (any webserver always uses a /tmp folder) and serve it as if it were coming from your backend.

Of course, you will need to check that such a script does not negatively impact your local storage or your website bandwidth.
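
A sketch of the proxy idea from the reply above, as an added example that is not part of the original thread or Contentful's own code. It assumes Node 18+ (global `fetch`), a hypothetical `getUser` session lookup, the host `assets.ctfassets.net`, and a constructed asset ID and placeholder URL. The BFF hands the front-end only the opaque ID, since the real URL stays readable by anyone who learns it, and it streams the body rather than staging it on disk.

```javascript
// Added example. Assumed: Node 18+, a hypothetical getUser(req) session lookup,
// and constructed asset IDs / placeholder URLs.
const ALLOWED_HOSTS = new Set(["assets.ctfassets.net"]); // assumed asset host

// Server-side map from an opaque ID to the real asset URL (constructed values).
// Only the ID is ever sent to the front-end, never the URL.
const ASSETS = new Map([
  ["report-2024", { url: "https://assets.ctfassets.net/SPACE_ID/ASSET_ID/TOKEN/report.pdf", type: "application/pdf" }],
]);

// Decide what to do with a request before touching the network.
function authorizeAsset(user, assetId) {
  if (!user) return { status: 401 };                 // not logged in
  const asset = ASSETS.get(assetId);
  if (!asset) return { status: 404 };                // unknown ID, nothing to fetch
  const u = new URL(asset.url);
  // Refuse anything that is not HTTPS on an allowlisted host (SSRF guard).
  if (u.protocol !== "https:" || !ALLOWED_HOSTS.has(u.hostname)) return { status: 502 };
  return { status: 200, upstream: u.href, type: asset.type };
}

// Handler for GET /files/:id on a Node http server.
async function serveAsset(req, res, getUser, fetchImpl = fetch) {
  const assetId = new URL(req.url, "http://bff.local").pathname.split("/").pop();
  const decision = authorizeAsset(getUser(req), assetId);
  if (decision.status !== 200) {
    res.writeHead(decision.status);
    return res.end();
  }
  // redirect: "error" keeps the fetch from being steered to another host.
  const upstream = await fetchImpl(decision.upstream, { redirect: "error" });
  if (!upstream.ok) {
    res.writeHead(502);
    return res.end();
  }
  res.writeHead(200, {
    "Content-Type": decision.type,
    "Cache-Control": "private, no-store", // keep shared caches from storing it
    "X-Content-Type-Options": "nosniff",
  });
  // Stream chunk by chunk, so no copy of the file lands in local storage.
  for await (const chunk of upstream.body) res.write(chunk);
  res.end();
}
```

Wire it up with `http.createServer((req, res) => serveAsset(req, res, getUser))`; bandwidth still passes through the BFF, which is the cost the reply mentions.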