Security around Download URL in GET asset

What options are there available to prevent the download link being visible or at least accessible in a Get Asset call? Often we don’t want to expose a download link to the calling application when we simply want the other metadata.

I’m not sure if I can disable the ability for a single user to download, but still have access to a team. I did look into the permissions in the UI, but it seems the most granular I can get is on a team level and not on a user level.

Lastly, how is the download URL secured?

Hey, sorry I missed this last week!

This is a question best raised with our Support team via Intercom. I believe you also reached out to your account rep with this question, and you should my response via them in your inbox.

The short answer is that no, it’s not possible to directly limit individual user’s access priveleges to download links. What you can do is change your accounts to prevent download of originals by say “Collaborators and up”, or “Team Members and up”, or “Team Managers and up”, or "Admins only.

Then assign the user who the developer token belongs to that permission level, at which point they’ll be subject to the enforcement of those rules.

Download URLs are pre-signed URLs valid for 24 hours, secured through the same permission and authentication model as anything you’d access in-app via the same user account.