In the previous post, we discussed how to download files.
In the example, we have used an authorization token. By default, files are private to the account which created it.
What if you need to give permission to an anonymous user to download file?
Let’s see how to give access to anonymous users to download files.
First, a permission
must be created with appropriate policies.
Here is an example.
mutation {
upsert(
values: {
Permission: [
{
name: "Grant access to anonymous user"
decisionStrategy: Unanimous
type: "File"
resource: "01FSRCRNZQQ41JWD6E5TS0KMRA"
scopes: ["*"]
operationType: Query
operations: ["find"]
#includeAllAccounts: true, #wildcard so all accounts can access
policies: [
{
hypi: { impl: "AccountPolicy" }
name: "Grant user anonymous access to my file"
logic: Positive
accounts: [{ hypi: { id: "anonymous" } }]
}
]
}
]
}
) {
id
}
}
#result
{
"data": {
"upsert": [
{
"id": "01FSTW5GM8J2BV38B0V9WHJ5HN"
}
]
}
}
Just replace resource
id in the above query with your own hypi.id
of the File
to be downloaded.
Next, Enable Anonymous Requests
in the API configurations for downloading files without authorization headers.
The cURL request do not need Authorization header now.
curl --location --request GET 'https://api.staging.hypi.dev/file/01FQDYDP8681299EXZBWJXRX2Y-01FSRCRNZQQ41JWD6E5TS0KMRA.txt'