Debugging Security Policies

Before you turn on security, you can debug your signature and security policy with the /debug/security endpoint.

To debug different calls, you can append the call as a query parameter, e.g. &call=read.

The debug security endpoint only confirms whether your policy and signature are valid for accessing a file or for performing the action you want, which could be a transformation or a store call.

Verify the Encoded Policy and Signature

You can also visit the App Secret section of your developer portal. There you can verify your signature and policies against our calculated values.

To debug the following URL:

https://www.filestackapi.com/api/file/KW9EJhYtS6y48Whm2S6D?signature=4098f262b9dba23e4766ce127353aaf4f37fde0fd726d164d944e031fd862c18&policy=eyJoYW5kbGUiOiJLVzlFSmhZdFM2eTQ4V2htMlM2RCIsImV4cGlyeSI6MTUwODE0MTUwNH0=
          

Append the following to the base URL: /debug/security?signature=[signature]&policy=[policy]

https://www.filestackapi.com/api/file/KW9EJhYtS6y48Whm2S6D/debug/security?signature=4098f262b9dba23e4766ce127353aaf4f37fde0fd726d164d944e031fd862c18&policy=eyJoYW5kbGUiOiJLVzlFSmhZdFM2eTQ4V2htMlM2RCIsImV4cGlyeSI6MTUwODE0MTUwNH0=
          

The response from the above debug URL will be:

Access Granted
          

This confirms that the policy is valid to access this file. This particular policy we are debugging provides access to all calls for this specific handle (by omitting any specific call in the policy, it allows all calls).

This is the JSON policy: {"handle":"KW9EJhYtS6y48Whm2S6D","expiry":1508141504}

So, we can check if the policy has permission to convert the file like this:

https://www.filestackapi.com/api/file/KW9EJhYtS6y48Whm2S6D/debug/security?signature=4098f262b9dba23e4766ce127353aaf4f37fde0fd726d164d944e031fd862c18&policy=eyJoYW5kbGUiOiJLVzlFSmhZdFM2eTQ4V2htMlM2RCIsImV4cGlyeSI6MTUwODE0MTUwNH0=&call=convert
          

And the response will be:

Access Granted
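
A local pre-check for the same questions the debug endpoint answers, as an added example (not Filestack's own code): it decodes the policy from a URL, recomputes the signature, and checks expiry, handle and call. It assumes the signature is a hex HMAC-SHA256 of the encoded policy keyed with the app secret, and that a policy restricts calls through a "call" list; the function names are hypothetical and any secret passed in is your own.

```python
import base64, hashlib, hmac, json
from urllib.parse import parse_qs, urlsplit

# Policy string copied from the URLs on this page.
PAGE_POLICY = "eyJoYW5kbGUiOiJLVzlFSmhZdFM2eTQ4V2htMlM2RCIsImV4cGlyeSI6MTUwODE0MTUwNH0="

def encode_policy(policy):
    """Serialize a policy dict to the base64url form used in the query string."""
    raw = json.dumps(policy, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).decode()

def decode_policy(policy_b64):
    """Base64url-decode a policy string (padding optional) and parse its JSON."""
    padded = policy_b64 + "=" * (-len(policy_b64) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def sign_policy(policy_b64, app_secret):
    """Assumed scheme: hex HMAC-SHA256 of the encoded policy, keyed with the app secret."""
    return hmac.new(app_secret.encode(), policy_b64.encode(), hashlib.sha256).hexdigest()

def check_url(url, app_secret, call, now):
    """Return a list of problems found locally; an empty list means all checks passed."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    policy_b64 = query.get("policy", [""])[0]
    signature = query.get("signature", [""])[0]
    try:
        policy = decode_policy(policy_b64)
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        policy = None
    if not isinstance(policy, dict):
        return ["policy is not base64url-encoded JSON"]
    problems = []
    expected = sign_policy(policy_b64, app_secret)
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        problems.append("signature does not match policy")
    expiry = policy.get("expiry")
    if not isinstance(expiry, (int, float)) or expiry <= now:
        problems.append("policy has expired or has no expiry")
    handle = parts.path.replace("/debug/security", "").rstrip("/").split("/")[-1]
    if "handle" in policy and policy["handle"] != handle:
        problems.append("policy is scoped to a different handle")
    allowed = policy.get("call")  # assumed key; absent means every call is allowed
    if allowed is not None and call not in allowed:
        problems.append("call %r is not allowed by the policy" % call)
    return problems
```

Run it only where the app secret already lives (server side), passing the current Unix time as now. The debug endpoint remains the authority on what the service accepts.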