pangolin_mirror/docs-v2
1
0
Fork 0
mirror of https://github.com/fosrl/docs-v2.git synced 2026-04-16 06:46:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
4a07f948865af40915bf53a594536f6aff540f00
docs-v2/manage/access-control/links.mdx
Laurence 4a07f94886 docs: tighten share links user guidance
2026-03-23 10:45:21 +00:00

82 lines
2.7 KiB
Plaintext
Raw Blame History

---
title: "Share Links"
icon: "link"
description: "Create share links and use access tokens for browser or programmatic access."
---
import PangolinCloudTocCta from "/snippets/pangolin-cloud-toc-cta.mdx";
<PangolinCloudTocCta />
A share link is a special URL that grants access to one resource without requiring the recipient to sign in as a Pangolin user.
When you create one, Pangolin gives you two ways to use it:
- **Share Link**: Send this to a person. Pangolin validates the link, then redirects them to the resource.
- **Access Token Usage**: Use this only when making direct requests to the resource URL from scripts, tools, or integrations.
## Create a Share Link
From the resource authentication flow, create a share link by:
1. Choosing the target resource.
2. Adding a title if you want the link to be easy to identify later.
3. Setting an expiration, or enabling **Never expire** if the link should stay valid until you revoke it.
4. Copying the generated link or access-token details immediately after creation.
<Warning>
Anyone with the link or access token can use it. Treat both like credentials.
</Warning>
## Use the Access Token
Pangolin can accept a share-link access token in either the query string or request headers.
If you are sending access to a person, use the copied **Share Link**.
Use **Access Token Usage** only when you are calling the resource URL directly on each request.
### Query Parameter
By default, Pangolin accepts the access token in the `p_token` query parameter:
```bash
curl "https://resource.example.com/?p_token=<token-id>.<access-token>"
```
The query-string value is the token ID and token joined with a `.`.
Some deployments may use a different query parameter name.
### Request Headers
By default, Pangolin accepts these headers:
- `P-Access-Token-Id`
- `P-Access-Token`
Example:
```bash
curl \
-H "P-Access-Token-Id: <token-id>" \
-H "P-Access-Token: <access-token>" \
"https://resource.example.com/"
```
This is the same token data as the query-string form, split into two headers instead of `<token-id>.<access-token>`.
Some deployments may use different header names.
## Expiration and Revocation
- Expiring links stop working automatically when their lifetime ends.
- Non-expiring links remain valid until you delete them.
- Deleting the share link revokes both the link and its access token.
## Important Notes
- Share links are best for targeted sharing and automation, not broad long-term access.
- Share-link access does not carry per-user identity headers to the upstream app. For identity-aware upstream integrations, see [Forwarded Headers](/manage/access-control/forwarded-headers).
- For the underlying auth settings on the resource itself, see [Authentication](/manage/resources/public/authentication).
Reference in New Issue View Git Blame Copy Permalink