Sharing and downloads
Signed URLs and security
The 5-minute TTL, checksum binding, and why signed URLs protect your assets.
The 5-minute TTL, checksum binding, and why. Every asset file served by boveDAM is delivered via a signed URL — a time-limited, cryptographically authenticated URL that cannot be guessed, reused, or shared beyond its validity window.
How signed URLs work
When a client requests an asset preview or download, boveDAM generates a signed URL on the fly. The URL contains:
- The storage path of the file.
- A timestamp marking when the URL was issued.
- An expiry timestamp (TTL = 5 minutes from issuance).
- A SHA-256 HMAC signature derived from the path, the expiry, and a server-side secret key.
The file server validates the signature and expiry before serving the file. If either check fails, the server returns 403.
Checksum binding
The HMAC is bound to the exact storage path — it cannot be modified to request a different file. A signed URL for /assets/abc123/logo.svg cannot be altered to serve /assets/xyz789/confidential.pdf.
Why 5 minutes
Five minutes is long enough to complete a download but short enough to prevent link sharing. If a client copies a download URL from their browser and sends it to someone else, the link is already expired by the time it arrives.
Implications for portal visibility
Even public portals use signed URLs for file delivery. A public portal makes it easy to reach the portal landing page, but file access still requires a fresh signed URL for each download. There is no way to "hotlink" a boveDAM asset URL permanently.