The Filestack files framework is designed to be powerful and easy to use. Protecting your data, as well as the data of our users, is a top concern of ours. Here, we'll talk about how security works at Filestack and the additional steps you can take to be even more cautious.
You can set the maximum allowed file size in your developer portal (in the security section) to prevent users from tampering with client-side values. This means that regardless of what the client claims the maximum size is, Filestack will not accept a file larger than the value set in your developer portal.
Using Filestack file policies, you can specify what access to grant your users.
This scheme is based on secret-key security: Filestack and you have a shared secret, which you can access in your developer portal. Do not share it, and do not store it on the client. Possession of this secret is what identifies you.
The policies define what the user can and cannot do. They are time-based (you set an expiration date), not single-use. This allows for interesting use cases: for example, if you want people to be able to read Filestack file URLs but not write to them, create a policy that only allows read and expires in 100 years. It also means you should be careful about how you distribute your policies, since they can be reused until they expire. If you do not want them to be reused, setting a short expiration period will partly address this concern.
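A minimal server-side sketch of how such a signed, time-limited policy can be issued and checked, as an added example; this is not code from this page or from Filestack's SDKs. It assumes the construction Filestack documents elsewhere (a base64url-encoded JSON policy with `expiry` and `call` fields, signed with HMAC-SHA256 over that string using the app secret, hex-encoded) and uses a constructed placeholder secret.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed placeholder: the real secret lives in your developer portal,
# is only ever used server-side, and never ships to the client.
APP_SECRET = b"EXAMPLE-APP-SECRET-DO-NOT-USE"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii").rstrip("=")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_policy(calls, ttl_seconds, secret=APP_SECRET, now=None):
    """Issuer side: encode a time-limited policy and sign it with the shared secret."""
    now = int(time.time()) if now is None else now
    body = {"expiry": now + ttl_seconds, "call": sorted(calls)}
    policy = _b64url(json.dumps(body, separators=(",", ":")).encode("utf-8"))
    signature = hmac.new(secret, policy.encode("ascii"), hashlib.sha256).hexdigest()
    return policy, signature


def check_policy(policy, signature, call, secret=APP_SECRET, now=None):
    """Verifier side: reject a bad signature, an expired policy, or an ungranted call.
    The signature is checked first and in constant time, so an attacker who edits
    the policy (e.g. adds "write") without the secret cannot get past this step."""
    expected = hmac.new(secret, policy.encode("ascii"), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signature):
        return False, "bad signature"
    body = json.loads(_b64url_decode(policy))
    now = int(time.time()) if now is None else now
    if now >= body["expiry"]:
        return False, "expired"
    if call not in body.get("call", []):
        return False, "call not granted"
    return True, "ok"


def tamper_policy(policy, extra_call):
    """Simulate a client editing a policy it received (signature stays the old one)."""
    body = json.loads(_b64url_decode(policy))
    body["call"] = sorted(set(body.get("call", [])) | {extra_call})
    return _b64url(json.dumps(body, separators=(",", ":")).encode("utf-8"))
```

Because a policy is reusable until `expiry`, the same (policy, signature) pair is accepted on every call within its lifetime; a short TTL is what bounds that window.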