Where to get the auth query param appended to fileURLs in file messages?

Getting a file message from a sendbird channel through the iOS SDK provides us with an auth query param. We also fetch chats through the http api in our backend. file messages from our backend are missing the auth query param. Is there a way we can get the query param from the backend, or get it from the iOS SDK and append it to the end of the URL manually?

hi @Gabe_Spound,

Welcome to the Sendbird Community. The authQuery param is only created for calls from the SDK. That being said, you can still retrieve a signed URL from the backend. You simply request the base URL of the file (Example: https://file-us-3.sendbird.com/c91d98c305a24d6c81cdc46d83b6ed45.png), with the Api-Token header passed. The same way you pass it to make a standard API call to our Platform API.

Hey Tyler,

I’m getting messages from v3/group_channels/<channel_id>/messages. We are supplying the API-Token header, and not getting the auth query param from the http api.

Hi @Gabe_Spound,

You need to make an explicit GET request to the file URL with the header. Which redirects you to the signed url.

Does the auth token expire?

The presigned url does have a 5 minute expiry.

When I make the get request with the api-token I get the image, but I need to get the signed URL to pass to the frontend client

Hi @Gabe_Spound,

Does the front end have access to the SDK? If so, you could utilize the users ekey to the file. Like such:

const image = sbMessage.plainUrl + '?auth=' + sb.ekey

Our iOS client does use the sendbird SDK. What is ekey a property of? i don’t see it in the docs or in the sendbird SDK.

The ekey is a property on SBDMain:

Found it. That didn’t work. the ekey doesn’t appear to be the auth token. Also tried pasting the URL in a browser to make sure, and i’m met with the same blank “Not Authorized” web page.

Edit: So this did actually work for users that are members of the channel, but part of our application is sharing pieces of chats with users that are not members of the channel, so this approach doesn’t work. I think we need to disable the auth requirement for files all together

I see. If that is the case we can definitely disable file authentication on your application. Please DM me your application ID and I can disable it.

Hi @Gabe_Spound,

I’ve gone ahead and disabled file authentication on the application you DM’d me. Please note that this only impacts future images and is not retroactive.