mirror of
https://github.com/fosrl/docs-v2.git
synced 2026-04-16 06:46:42 +00:00
81 lines
3.0 KiB
Plaintext
81 lines
3.0 KiB
Plaintext
---
|
|
title: "Share Links"
|
|
icon: "link"
|
|
description: "Create share links and use access tokens for browser or programmatic access."
|
|
---
|
|
|
|
import PangolinCloudTocCta from "/snippets/pangolin-cloud-toc-cta.mdx";
|
|
|
|
<PangolinCloudTocCta />
|
|
|
|
Share links let you grant access to a resource without provisioning a full user account or changing the resource's main authentication settings.
|
|
|
|
Use them when you need temporary access, simple external sharing, or token-based requests from scripts and integrations.
|
|
|
|
## Create a Share Link
|
|
|
|
From the resource authentication flow, create a share link by:
|
|
|
|
1. Choosing the target resource.
|
|
2. Adding a title if you want the link to be easy to identify later.
|
|
3. Setting an expiration, or enabling **Never expire** if the link should stay valid until you revoke it.
|
|
4. Copying the generated link and token details immediately after creation.
|
|
|
|
<Warning>
|
|
Anyone with the link or access token can use it. Treat both like credentials.
|
|
</Warning>
|
|
|
|
## Use the Access Token
|
|
|
|
Pangolin can accept a share-link access token in either the query string or request headers.
|
|
|
|
The copied share-link URL is not the same as the access-token usage examples:
|
|
|
|
- The share link shown when you create it is a Pangolin-managed link that takes the user through Pangolin's share flow and then redirects them to the resource.
|
|
- The access-token usage examples below send the token directly to the resource URL on every request.
|
|
|
|
### Query Parameter
|
|
|
|
By default, Pangolin accepts the access token in the `p_token` query parameter:
|
|
|
|
```bash
|
|
curl "https://resource.example.com/?p_token=<token-id>.<access-token>"
|
|
```
|
|
|
|
The query-string value is the token ID and token joined with a `.`.
|
|
|
|
If you changed `resource_access_token_param` in the config file, use that parameter name instead.
|
|
|
|
### Request Headers
|
|
|
|
By default, Pangolin accepts these headers:
|
|
|
|
- `P-Access-Token-Id`
|
|
- `P-Access-Token`
|
|
|
|
Example:
|
|
|
|
```bash
|
|
curl \
|
|
-H "P-Access-Token-Id: <token-id>" \
|
|
-H "P-Access-Token: <access-token>" \
|
|
"https://resource.example.com/"
|
|
```
|
|
|
|
This is the same token data as the query-string form, just split into two headers instead of `<token-id>.<access-token>`.
|
|
|
|
If your deployment uses custom header names, send those instead of the defaults.
|
|
|
|
## Expiration and Revocation
|
|
|
|
- Expiring links stop working automatically when their lifetime ends.
|
|
- Non-expiring links remain valid until you delete them.
|
|
- Deleting the share link revokes both the link and its access token.
|
|
|
|
## Important Notes
|
|
|
|
- Share links are best for targeted sharing and automation, not broad long-term access.
|
|
- Share-link access does not carry per-user identity headers to the upstream app. For identity-aware upstream integrations, see [Forwarded Headers](/manage/access-control/forwarded-headers).
|
|
- For the underlying auth settings on the resource itself, see [Authentication](/manage/resources/public/authentication).
|
|
- For the self-hosted config fields behind these defaults, see [Config File](/self-host/advanced/config-file#resource_access_token_param).
|