How to allow another service access to private files? (Trying to use filepreviews.io to preview docs privately saved in app)

Hi all

I’ve seen many people on this forum looking for a way to preview .pdf/.docx etc. files stored in their Bubble apps in the browser (see links below).

Most of the solutions rely on embedding Google or Microsoft’s file viewer via an iframe (FYI this is a good resource for that) or using Zeroqode’s plugin. However, those solutions do not work for private files (i.e. the url to the file you want to preview is hidden from the web with Bubble’s Privacy Roles).

I’m trying to securely send my private Bubble files to FilePreviews.io via their API (and Bubble’s API connector) to generate the previews, but I don’t know how to give FilePreviews access to my files. I have the API calls working when the files are public (see images below), but not when private.

FilePreviews told me:

“we need to be able to download the file from the URL you give us. For example, if the file is hosted on S3 and it’s ACL is set to private, you’ll need to send us the URL signed for temporary access”

Does anyone know what do I need to do?

  1. Open up my app via API (not the API Connector) to FilePreviews?
  2. Somehow grant FilePreviews access another way? e.g. through the Privacy Roles themselves (I doubt this)
  3. Somehow do that FilePreviews said re giving them “temporary access” (probably along these lines, though I doubt that’s something we have access to from inside Bubble).

If someone can help me crack this, I’d be happy to post a step by step of how to set up FilePreviews.io with Bubble to help others.

Many thanks
Travis

Bubble API Connector calls working successfully when the files are public, but not when private:

Bubble forum posts discussing previewing files:

@romanmg solved a similar problem for me.

Thanks @robert for tapping in @romanmg. Gaby, I really appreciate all your many helpful posts and videos on the forum. I’m looking forward to hearing your thoughts on this one if you get the time.

Hi @tmonczko, if the external service is able to send a Bearer token with its request, then it can access your data as an admin.

You generate API Keys (tokens) in Settings > API

See this from Bubble’s reference: Introduction - Bubble Docs

For example, your API Connector screenshots show a setup using Basic Auth, and you’re using a public file. Now, change the Authentication to “Private Key in Header”.

Key Name = Authorization
Key Value = Bearer [API Key]

Try that out.


Cheers,
Gaby

Coaching No Code Apps
Join our Facebook group for insider access to no-code development
Get professional development services
Enroll in expert-led courses and products

6 Likes

Hi @romanmg

Thanks for your comments!

It turned out that FilePreviews.io is not currently able to specify custom headers for the download request. However, they suggested trying putting the api_token = directly into the url of the download request and that has worked, i.e.:

I saw in @JustinC’s helpful post How To Setup API Authentication? that he said this method is not recommended because it’s less secure.

After doing some research, I understand that you’d never want to use this method where the URL is being exposed to the user’s browser. However, where the URL is only being used between apps directly via their APIs over https, then it can be acceptable. I will run this past a professional before I implement it and write a post telling others it’s the solution.

Cheers
Travis

2 Likes

Hello @tmonczko!

I’d love to setup a preview capability with FilePreviews.io, are you still able to put down a rough step-by-step for some guidance on this? :slight_smile:

Thank you!

To allow other people to access the file under Privacy settings of that datatype for Everybody check the “view attached files” field.