Different appwrite IDs are getting exposed in the file url.

File_URL_FORMAT= https://cloud.appwrite.io/v1/storage/buckets/[BUCKET_ID]/files/[FILE_ID]/preview?project=[PROJECT_ID]

I'm trying to access files in my web app. The requested files are coming from the URL in the given format above which is exposing my projectId and Bucket id. Is this a good idea to expose them. If not how can I avoid them without using any proxy.

TL;DR

Developers are concerned about exposing Appwrite IDs in file URLs. A suggestion was made to use headers like `X-Appwrite-Project` instead of including IDs in the URL. However, it was noted that headers can be easily checked via Dev tools or a MITM Proxy. The File URL Format was provided as an example. Avoid exposing IDs in URLs for security reasons.

It's fine

You can use headers (X-Appwrite-Project) if you don't like the Project ID in the URL itself. Mind you that those headers can be easily checked via just a few clicks to Dev tools > Network tab or via a MITM Proxy.

Reply to this thread by joining our Discord

Reply on Discord

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more

Recommended threads

Need support?

Join our Discord

Get premium support