Private Files in RG - Unauthorized?

Hi There,
Showing PRIVATE image files using “api_token” in a RG.
When I look to console, I get a hundred unauthorized messages…
My gess, it tries to load, and in a second or third try it completes…
How to deal with that?

What is the data source for the RG? And the image element data source? You shouldn’t need to put the API key in the image URL that sounds like a bad idea

You are absolutely right !!! Tks for pointing out !!!

It is a private file containing images…
If I take api_token off, images does not appear…
Is there any other way?

You should point to the thing’s [image/file field], and check privacy rules maybe they are blocking the user from seeing the image. Also make sure you are logged in while testing

If I use api_token in imageUrl, it appears…
If I don’t, it does not appear…
Privacy rules are ok.

My images were saved using backend plugins

They usually result in “no user”, but attached to the right user…

Any clue why it appears with api_token, and why not if I don’t use it?

They don’t look like they attached to a Thing correctly.

The API token method isnt good because that’s just an admin token you are exposong to your users… that token is full access to your app for API calls and stuff

The question is…
To show a private file you have to use https://ImageUrl?api_token=
So, why I’ve got console error?


Don’t do that… if you do that, anyone can have full admin access to your app, all of its data, and can wipe any data they want. Do not do this.

1 Like

Tks @georgecollier ,
How to show private images? Not an easy way?
Tks again…

Private files should automatically work if the file is properly attached to the database thing, and privacy rules allow it. But your screenshot shows it’s attached with “no_user” so you have something wrong with how you’re attaching it.