Security Overview

The Filestack files framework is designed to be powerful and easy to use. Protecting your data, as well as the data of our users, is a top concern of ours. Here, we'll talk about how security works at Filestack and additional steps that you can take to be even more cautious.

Since JavaScript runs client-side, options such as the maximum file size can be modified by your users. Filestack allows you to control this in two ways.

Use without server side code

You can set the maximum file size allowed in your developer portal (in the security section) to prevent users from tampering with the value. This means that regardless of what the client says the maximum size is, Filestack will not allow a file larger than the value in your developer portal.

Use with server-side code

Using Filestack file policies, you can specify and grant access to your users.

This scheme is based on secret key security where Filestack and you have a shared secret that you can access in your developer portal. Do not share this. Do not store this secret on the client. Having access to this secret is what identifies you.

The policies define what the user can and cannot do. They are time-based, with an expiration date that you set, and are not single-use. This allows for interesting use cases. For example, if you want people to be able to read the Filestack file URLs, but not write to them, create a policy that only allows read and expires in 100 years. It does mean that you should be careful about how you distribute your policies, as they can be reused. If you do not wish them to be reused, setting a short expiration period will partly address this concern.
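As an added example (not Filestack's own code), the sketch below signs a read-only policy on the server and models the checks such a policy implies. It assumes the base64url-encoded JSON policy and hex HMAC-SHA256 signature format from Filestack's policy documentation; `APP_SECRET`, `check_policy`, `demo` and the clock values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed placeholder; the real secret stays on the server, never in client code.
APP_SECRET = b"EXAMPLE-APP-SECRET"

def sign_policy(secret, calls, expiry):
    """Return (policy, signature) to hand to the client."""
    body = json.dumps({"expiry": expiry, "call": calls}, separators=(",", ":"))
    policy = base64.urlsafe_b64encode(body.encode()).decode()
    signature = hmac.new(secret, policy.encode(), hashlib.sha256).hexdigest()
    return policy, signature

def check_policy(secret, policy, signature, call, now):
    """Hypothetical local model of the checks a signed policy implies."""
    expected = hmac.new(secret, policy.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signature):
        return "bad-signature"      # policy was altered or signed with another secret
    body = json.loads(base64.urlsafe_b64decode(policy))
    if now >= body["expiry"]:
        return "expired"
    if call not in body["call"]:
        return "call-not-allowed"
    return "ok"

def demo():
    t0 = 1_700_000_000              # constructed clock value (Unix seconds)
    policy, sig = sign_policy(APP_SECRET, ["read"], expiry=t0 + 300)
    # Re-encoding the policy to add "write" without the secret leaves no valid signature.
    forged, _ = sign_policy(b"not-the-secret", ["read", "write"], expiry=t0 + 300)
    return [
        check_policy(APP_SECRET, policy, sig, "read", now=t0 + 10),    # first use
        check_policy(APP_SECRET, policy, sig, "read", now=t0 + 200),   # reuse before expiry
        check_policy(APP_SECRET, policy, sig, "write", now=t0 + 10),   # outside the grant
        check_policy(APP_SECRET, policy, sig, "read", now=t0 + 301),   # after expiry
        check_policy(APP_SECRET, forged, sig, "write", now=t0 + 10),   # edited policy, old signature
    ]

if __name__ == "__main__":
    print(demo())
```

The second result is the reuse described above: anyone holding the policy and signature pair can present it again until `expiry`, so the expiration window is the only limit on replay.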