How to give access to anonymous users to download files

In the previous post, we discussed how to download files.

In the example, we have used an authorization token. By default, files are private to the account which created it.
What if you need to give permission to an anonymous user to download file?

Let’s see how to give access to anonymous users to download files.

First, a permission must be created with appropriate policies.
Here is an example.

mutation {
  upsert(
    values: {
      Permission: [
        {
          name: "Grant access to anonymous user"
          decisionStrategy: Unanimous
          type: "File"
          resource: "01FSRCRNZQQ41JWD6E5TS0KMRA"
          scopes: ["*"]
          operationType: Query
          operations: ["find"]
          #includeAllAccounts: true, #wildcard so all accounts can access
          policies: [
            {
              hypi: { impl: "AccountPolicy" }
              name: "Grant user anonymous access to my file"
              logic: Positive
              accounts: [{ hypi: { id: "anonymous" } }]
            }
          ]
        }
      ]
    }
  ) {
    id
  }
}
#result
{
  "data": {
    "upsert": [
      {
        "id": "01FSTW5GM8J2BV38B0V9WHJ5HN"
      }
    ]
  }
}

Just replace resource id in the above query with your own hypi.id of the File to be downloaded.

Next, Enable Anonymous Requests in the API configurations for downloading files without authorization headers.

The cURL request do not need Authorization header now.

curl --location --request GET 'https://api.staging.hypi.dev/file/01FQDYDP8681299EXZBWJXRX2Y-01FSRCRNZQQ41JWD6E5TS0KMRA.txt'