M
by Moult on 5 Aug 2021, edited 10 Aug 2021
#
+6 votes
So it turns out that if you download a file from BIM360 (any file, PDFs, IFCs, Revit files) the download link it generates is publicly accessible and doesn't require any authentication. Here's an example:
https://developer.api.autodesk.com/oss/v2/signedresources/5707f4f9-8050-406a-9b8b-c14a9940b8fa?region=US&response-content-type=application%2Foctet-stream
UUID collision is obviously very low, but just a heads up don't share these links since the public can access them. It's pretty unlikely but probably worth mentioning. I don't know if these links expire either, so we'll find out.
H
by htlcnn on 6 Aug 2021
#
Not found now
{"reason":"Signed Resource not found"}
M
by Moult on 6 Aug 2021
#
Yes, it seems to have an expiry period, which makes sense :)
I
by infeeeee on 10 Aug 2021
#
Timeout is just 1 hour, and it generates a different UUID for the same file for a new download, even when the old url is still available
M
by Moult on 10 Aug 2021
#
@infeeeee yes that matches my observation too.