Wanna Download? Get Your Signed URLs Here

The new features that a Bintray Premium account exposes are exactly what you need for commercial software distribution: private repositories, fine-grained permission management, storage-as-you-go and much more. Private repositories are a great way to control who can access your artifacts, but what happens if you want to give someone limited access to a specific artifact, a sort of “one-off” download? Signed URLs are the answer.

What’s a Signed URL?

Generally, artifacts you store in a private repository are hidden from unauthorized Bintray users. A Signed URL is a unique URL you can generate to expose your artifact for download by anyone you provide it to, whether they have a Bintray account or not. To keep you in control, you can specify a time limit after which the URL expires, or revoke any outstanding URLs at any time.

How do you Sign a URL?

Every premium account in Bintray comes with a unique pair of internal private and public keys which are used to encrypt and decrypt the URLs that you sign. The standard download link for a file called artifactory.rar, stored in a private repository called artifactory, and owned by a user called srubin is:
https://dl.bintray.com/srubin/artifactory/com/jfrog/artifactorypro/artifactory.rar
Since the file is private, only authorized users can access it for download.

To generate a signed URL for limited download of this file, you can use a simple REST API call:

curl -XPOST -usrubin:APIKEY "https://api.bintray.com/signed_url/srubin/artifactory/com/jfrog/artifactorypro/artifactory.rar"

Response:

{
"url":"https://dl.bintray.com/srubin/artifactory/com/jfrog/artifactorypro/artifactory.rar?expiry=1415101346415&signature=BfRaL2HDbCDsPyPThAnlI%2B0TG26NcH4i0ugyKZ%2FjevLiNfEdHXyUh0Q1NNGc1Pz7V1nZkeh9RAafrUyUE%2FMOFQ%3D%3D"
}

By default, the URL is valid for 24 hours, but we can change that by specifying an expiry date and time (in milliseconds) in a simple JSON configuration document:

curl -XPOST -usrubin:APIKEY -H "Content-Type: application/json" -d '{"expiry":7956915742000}' "https://api.bintray.com/signed_url/srubin/artifactory/com/jfrog/artifactorypro/artifactory.rar"

Response:

{
"url":"https://dl.bintray.com/srubin/artifactory/com/jfrog/artifactorypro/artifactory.rar?expiry=7956915742000&signature=g5OC3RXkFhnnFYfsgqFXw9J%2FfmwCzeIsd%2FHCRgm5VjCAhrzij1GPuAv0JwZPhGD0mEqs1y2WcQ77LMrDzp9%3D%3D"
}

More details about this API can be found in the Bintray REST API documentation.
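
The following is an added example, not code from the original post or from Bintray. It builds the expiry body for a chosen lifetime and audits a returned signed URL for how long it stays valid. The function names, the 7-day MAX_LIFETIME policy and the placeholder signature are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
MAX_LIFETIME = timedelta(days=7)  # assumed local policy, not a Bintray limit


def expiry_body(lifetime, now=None):
    """JSON body for the signed_url call: expiry in milliseconds since 1970."""
    now = now or datetime.now(timezone.utc)
    return json.dumps({"expiry": (now + lifetime - EPOCH) // timedelta(milliseconds=1)})


def audit_signed_url(response_json, now=None, max_lifetime=MAX_LIFETIME):
    """Report when a signed URL expires and whether it outlives the policy.

    Only the expiry is inspected; the signature can be checked by Bintray alone.
    """
    now = now or datetime.now(timezone.utc)
    url = json.loads(response_json)["url"]
    query = parse_qs(urlsplit(url).query)
    if "expiry" not in query or "signature" not in query:
        raise ValueError("not a signed URL: expiry or signature parameter missing")
    expires = EPOCH + timedelta(milliseconds=int(query["expiry"][0]))
    return {
        "expires": expires,
        "expired": expires <= now,
        "over_limit": expires - now > max_lifetime,
    }


# Constructed sample responses: the expiry values are the two shown in the post,
# the signature is a placeholder.
BASE = "https://dl.bintray.com/srubin/artifactory/com/jfrog/artifactorypro/artifactory.rar"
SAMPLES = [
    json.dumps({"url": f"{BASE}?expiry=1415101346415&signature=PLACEHOLDER"}),
    json.dumps({"url": f"{BASE}?expiry=7956915742000&signature=PLACEHOLDER"}),
]

if __name__ == "__main__":
    issued = datetime(2014, 11, 3, 12, 0, tzinfo=timezone.utc)  # constructed "now"
    print(expiry_body(timedelta(hours=24), now=issued))
    for sample in SAMPLES:
        print(audit_signed_url(sample, now=issued))
```

With the expiry value 7956915742000 from the second request, the link stays valid until the year 2222, so the check reports it as over the limit.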

Summary

That’s all it takes. A simple API call lets you generate signed, limited-time URLs so you can provide limited download availability of any file you store in your private repositories to anyone. Stay tuned to see what we have in store for you. Things will just keep getting cooler.