POST 'private' file via API

I have been struggling with an issue already for a long period.

In my app i want all files to be hidden from public; privacy rules :white_check_mark:

The challenge however is when i want users to use an API (POST) to send the file to an external service, the file is not accessible via the external API…

I have seen some posts where you append the fileURL with a Bubble API key you can create however sending API keys to external services is not really secure…

I tried a work around of storing the files in my own AWS S3 and then use a plugin to create AWS presigned URLs. When i put these in the API post request on the file, the file is indeed securely transfererd however this solution is not desired for two reasons;

  1. adding complexity (no need for additional S3)
  2. adding vulnerability (i need to rely on my own S3 configuration skills… there is a reason i’m using Bubble :wink:)
  3. the file is saved by the external service based on the last parameter in the URL rather than the filepath in the URL… This causes issues with type identification (which is not based on MIME) and the abaility to identify files in the external service.

Adding a proxy service may be a solution but then again (see 1 and 2…)…

Is there an easier way to keep the files secured in the Bubble S3 but with an option to access them when i trigger the API Post file call?

Thanks!!