Sharing
Short-lived signed URLs, and the audit log that records every access.
Sharing in Axerity is link-based and short-lived. There are no shareable "view forever" links and no public buckets.
Signed URLs
Every download URL is freshly signed by our server and expires after 5 minutes. Two ways to get one:
- Open a file (double-click or context menu → Open) — generates a signed URL and navigates to it.
- Copy link (context menu) — generates a signed URL and puts it in your clipboard.
Either way, the URL works exactly once for a window of about 5 minutes,
then becomes a 403 Forbidden. There is no way to extend it — you
generate a new one.
What this means for sharing externally
If you want to send a file to a vendor, contractor, or accountant:
- Copy link.
- Paste it into the email/Slack/wherever.
- They click it and download.
If they sit on the link for an hour, it'll be expired by the time they click — they'll come back to you, and you'll generate a fresh one. This is intentional. Files containing financial data shouldn't be out in the wild with multi-day download links.
Audit log
Every download (and upload, rename, move, delete) writes an append-only audit row. The log includes:
- Who accessed it (user ID).
- When (timestamp).
- What action (UPLOAD / DOWNLOAD / RENAME / MOVE / DELETE).
- Metadata specific to the action.
The log survives even if the file itself is deleted — the row's file-pointer goes null, but the metadata stays. Useful for "who downloaded the contracts folder last Tuesday" questions.
(The in-app reader for this is on the roadmap. For now, audit log is
queryable via GET /api/v1/audit_log.)
→ Security