Secured way to enable a public URL(Anonymous) to access document

Hi Experts,   Looking for a secured solution to create public URL for customers to download file stored in private S3.Required file mapping and S3 connection is stored and happening in the backend application. Basically, once file is uploaded, we will get a document ID, this is enough for backend service to download from S3.Here we need to expose a URL to reach till this logic and download file, for anyone with URL.    Current design: Opening a Deep link handler for anonymous and pass in encrypted document id (AES encryption) I can even store this in Mendix and generate UUID instead of doc ID)  Decode the doc ID, call document API’s download file.   Please let me know how much secured this approach is, I am still not convinced to enable an anonymous role in application.   Regards, Harisanker B
1 answers

Hi Harisanker,

Your current design seems already quite nice. I'm also hesistent in allowing anonymous users into a Mendix app, so I'd like to share an alternative here.

You could publish an API using the Published REST Service functionality. Large parts of your current setup can be reused, as you still need the binary within Mendix as FileDocument. See this documentation where Mendix describes a CMS system in Mendix, which is somewhat similar to your needs.

You can add any path or query parameter for the full security. My recommendations:

  • If possible, make it a one-time link (audience = 1 person, which may download it once)
  • If possible, limit the time the link is available

See for more deepdive into using obfuscated URLs for confidential data here.

Good luck!