Security for public file URL handoffs
Public URLs are useful because other systems can fetch them. Security comes from API keys, expiry, delete controls, file policy, and abuse review.
- Reviewed by
- GetFileURL technical team
- Updated
- Authentication
- API keys for upload and lifecycle API calls
- Public URLs
- Readable by anyone with the URL until expiry or deletion
- Controls
- Expiry, delete, MIME validation, abuse handling
What this page answers
Yes. The core product returns public URLs for downstream APIs. Use expiry and delete controls for files that should not remain public.
- Reviewed by
- GetFileURL technical team
- Last updated
A direct CDN URL is powerful because it is reachable.
That is also the risk. The product should make public access explicit and keep cleanup close to the upload response.
Anyone with the URL can fetch it
Use expiry and deletion when the file only exists for a workflow handoff.
API keys are for control actions
Uploads, deletes, and metadata reads require authenticated API calls.
Sensitive files need policy
Businesses should set shorter retention and avoid long-lived public URLs for sensitive documents.
Security features should match workflow reality.
The roadmap prioritizes controls that reduce public URL risk without making automation setup heavy.
Key rotation
API keys should be replaceable without support involvement.
MIME validation
Account policy should be able to block risky or unexpected file types.
Abuse handling
Public file services need a clear path for reports, takedowns, and account review.
Common questions
Are GetFileURL file URLs public?
Yes. The core product returns public URLs for downstream APIs. Use expiry and delete controls for files that should not remain public.
Should I expose my API key in a browser?
No. Keep API keys on your server, worker, backend action, or protected automation credential store.
What should I do with sensitive documents?
Use the shortest retention window that works, delete after processing, and wait for stronger policy controls before broad sensitive document use.