Filestack Technical Glossary

Comprehensive reference for Filestack platform architecture and services

Security Policies

Security

Configuration rules that define access permissions, upload restrictions, and processing limitations for Filestack services.

Policy Structure

A Security Policy is a JSON object that explicitly defines a set of permissions. It must contain an expiry key (a Unix timestamp), which makes every policy inherently short-lived.

Policy Components

  • expiry: Unix timestamp for policy expiration
  • call: Allowed API actions (read, remove, convert)
  • handle: Restrict operations to specific files
  • path: Control upload destinations
  • maxSize: File size limitations

Signature Generation

Policies are signed using HMAC-SHA256 with the application’s secret key. The signature validates the policy’s authenticity and prevents tampering.

Best Practices

  • Generate short-lived, narrowly-scoped policies
  • Use server-side signature generation
  • Never expose secret keys in client code
  • Implement proper token refresh mechanisms
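
The signing step and the practices above, as an added server-side example (not Filestack's own code): it issues a narrowly scoped, short-lived policy, signs it with HMAC-SHA256, and shows verification rejecting a modified or expired policy. The function names, the secret and the handle are constructed for illustration, and the base64url policy encoding and hex signature are assumptions the page does not state.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed placeholder; a real secret stays in server-side configuration.
APP_SECRET = b"EXAMPLE-APP-SECRET-NOT-REAL"


def short_lived_read_policy(handle, ttl_seconds=300, now=None):
    """Read-only policy for one file handle that expires after ttl_seconds."""
    issued = int(time.time() if now is None else now)
    return {"expiry": issued + ttl_seconds, "call": ["read"], "handle": handle}


def sign_policy(policy, secret):
    """Return (encoded_policy, signature) for a policy dict."""
    if "expiry" not in policy:
        raise ValueError("policy must contain an expiry key")
    raw = json.dumps(policy, separators=(",", ":"), sort_keys=True).encode()
    encoded = base64.urlsafe_b64encode(raw)  # assumed wire encoding
    signature = hmac.new(secret, encoded, hashlib.sha256).hexdigest()
    return encoded.decode(), signature


def verify_policy(encoded, signature, secret, now=None):
    """Recompute the HMAC, compare in constant time, then enforce expiry."""
    expected = hmac.new(secret, encoded.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        raise PermissionError("signature mismatch")
    policy = json.loads(base64.urlsafe_b64decode(encoded))
    if policy["expiry"] <= (time.time() if now is None else now):
        raise PermissionError("policy expired")
    return policy


def widen_without_resigning(encoded):
    """Edit the policy's call list but keep the old signature (must be rejected)."""
    policy = json.loads(base64.urlsafe_b64decode(encoded))
    policy["call"] = ["read", "remove"]
    return base64.urlsafe_b64encode(json.dumps(policy).encode()).decode()
```

Only the encoded policy and its signature are handed to the client; the secret never leaves the server, so a client-side edit to the policy cannot be re-signed.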
