Public url after document generation


I'm doing some tests generating files from docx with plumsail documents.
The problem I'm having right now is the url's containing the documents after generation being public.
The documents we intend on generating contain confidential info, so they cannot be publicly available, even if it is just for 24h.
Is there anyway to generate documents and store them somewhere private?


Hi @Humberto_Antunes,

We'll discuss your request and check if we can improve this.

I'll keep you posted about the results.

Best regards,
Plumsail team

Hi @Humberto_Antunes,

The link has SAS protection and only a person with SAS signature in the link can access the content. This signature is only shared to a person who generated the document.
So, we consider it secure. Please also check the Microsoft documentation about SAS.

Best regards,
Plumsail team

Hi @Petr,

I don't think this is correct, as an example I shared the url with a colleague, who was able access the file in an anonymous browser window.
My concern, is that if someone manages to get their hands on this Url's on that 24h period, they will be able to access the files.


Yes, you can access the document by link with SAS signature in the URL parameter.

The URL to the file name itself is a unique ID. As an addition, it has the SAS signature, which is also a unique string. So, there are two unique strings, changing every time you create a new document.

There is no way somebody can guess this URL. Unless you intentionally share this URL with somebody. Which is equal to sharing the document itself via any other channels. For example, email.

There are two strings, unique for the generated document. If we follow the logic that if somebody knows these two strings, they can access the file, then we could follow the same logic with your login and password. If somebody knows your login and password, they can access your data.

If we look from this point of view, this link with two unique strings, changing every time you generate a document and valid for limited period of time are more safe than your login and password combination.