Security - Policies & Signatures
Filestack allows multiple ways to make sure that your files are exactly as secure as you want them. You can use security parameters with your Filepicker, FileLinks, file conversions, and any of our SDKs.
Filestack security measures are handled using a JSON that includes two things: Policy and Signature.
The Policy states which operations can be performed with the feature of the API that is being used. Policies include an expiration and optional permissions.
This means that you can create a policy that is only valid for a specific time and function.
The Signature uses a unique HMAC encoded string that is generated with your secret key and the Policy to identify the origin of the request.
Do not share your secret key or expose it in your client side code.