Protected client API and security

At the moment all content is public. We are still gathering requirements around protected content. If you have specific requirements we'd love to hear them and I can pass them along to our product managers.

 

Hi @hadrien_n , I'm the product manager for CCD. We've finally gotten around to private content. We're brainstorming a few solutions and would love to get your thoughts:

• Option 1 would be to provide bucket level access keys. Only users with the access keys would be able to retrieve content from CCD. We imagine this to be similar to how Github allows users to generate keys.
• Option 2 would be to support an IP whitelist per bucket (screenshots below). Only IPs on the list would be able to access content from CCD. We imagine this solution would be in addition to Option 1.

Would either of these solutions work for your needs? Is the bucket level the right level for security?

 

Hi @CineTek, we're implementing bucket level access keys. It seems that this would fit your use case. You can generate an access token that protects a private bucket. You can easily re-generate and update your clients if it gets compromises.

The only issue I can see is if you wanted to create an access token per user, which may not play well with our caching.

Do you have a sense for how many access tokens you might need to generate?

 

Hi @CineTek, in case you missed the announcement on the main forum, we've launched Private Buckets! Private buckets protect read access to buckets with an access token, so that only those users with that access token can retrieve content from that bucket. Let us know if you have any feedback!