How to create a protected download area?
By default the assets uploaded in Storyblok are accessible by anyone that has the link to it. Sometimes you want to restrict the access to only logged in users, make a protected download area or only make the asset available at a specific time. For all that cases you can use the “Private” option at the upload modal to make the assets only available via a specific asset token. To generate a url for the user you need to call the assets endpoint with the filename and the asset token like in this example:
https://api.storyblok.com/v2/cdn/assets/me?token=0Q60BeVciQvvHV1UnMz2Hgtt&filename=https://a.storyblok.com/f/135435/x/f47bdaee3e/sample.pdf
So to sumarize here are the steps you need to follow:
Step 1: Go to the asset manager, upload a single asset and choose “Private” at the visibility settings.
Step 2: Create an asset token in the space settings
Step 3: Create an endpoint in your backend that hides the preview token from the unauthorized users and send the signed_url as download link.
Following an example in Javascript:
const StoryblokClient = require('storyblok-js-client')
let Storyblok = new StoryblokClient({
accessToken: YOUR_ASSET_TOKEN
})
let getSignedUrl = function(filename) {
let response = await Storyblok
.get('cdn/assets/me', {
filename: filename
})
return response.data.asset.signed_url
}
console.log(getSignedUrl('https://a.storyblok.com/f/135435/x/f47bdaee3e/sample.pdf'))