Private Files & Folders

Secure sensitive assets with authenticated access, AES-256 encryption, and on-the-fly DRM watermarking.

Private Folders

By default, assets uploaded to BuzStorage are public, meaning they can be delivered securely via our global CDN using their logical objectKey. However, when you need strict access control (e.g., for user KYC documents, legal contracts, or internal assets), you should use a Private Folder.

Creating Private Folders

To make a folder private, simply pass "isPublic": false when creating it via the POST /v1/folders endpoint, or toggle it on in the BuzStorage Dashboard. Any file placed in a private folder is automatically restricted.

curl -X POST https://api.buzstorage.com/v1/folders \
  -H "Authorization: Bearer <ACCESS_KEY_ID>:<SECRET_ACCESS_KEY>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "confidential",
    "isPublic": false
  }'

Response Example

{
  "id": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
  "name": "confidential",
  "isPublic": false,
  "createdAt": "2026-06-17T12:00:00.000Z"
}

Private Files & Retrieval

In addition to locking down entire folders, you can set privacy controls on a per-file basis during upload. This is useful when you have a mix of public and private assets residing in the same folder.

Public vs Private Retrieval

Public Files (Unauthenticated & Authenticated)

Public files can be fetched via their UUID just like private files, or they can be accessed by anyone without authentication via the global CDN using the logical folder path. This makes them well suited to website assets.

GET https://api.buzstorage.com/api/v2/transform/<appName>/<objectKey>

Private Files (Strictly Authenticated)

Private files must be fetched using their exact UUID and require an active API Key via the Authorization header. Unauthorized requests are strictly rejected.

curl -X GET "https://api.buzstorage.com/v1/files/<id>/content" \
  -H "Authorization: Bearer <ACCESS_KEY_ID>:<SECRET_ACCESS_KEY>"

Default Privacy

By default, file uploads are marked as private unless explicitly specified. To explicitly upload a private file, ensure that isPublic=false is sent in the multipart/form-data payload, or simply omit the field.

curl -X POST https://api.buzstorage.com/v1/files/upload \
  -H "Authorization: Bearer <ACCESS_KEY_ID>:<SECRET_ACCESS_KEY>" \
  -F "file=@/path/to/secret-doc.pdf" \
  -F "isPublic=false"

Response Example

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "objectKey": "secret-doc.pdf",
  "originalName": "secret-doc.pdf",
  "mimeType": "application/pdf",
  "isPublic": false,
  "visibility": "private",
  "createdAt": "2026-06-17T12:00:00.000Z"
}

Digital Rights Management (DRM)

To protect digital assets from unauthorized access, hotlinking, and piracy, BuzStorage provides robust Digital Rights Management (DRM) features natively. These capabilities are designed to secure your private media without incurring expensive third-party DRM licensing fees.

Zero-Cost HLS AES-128 Encryption

BuzStorage leverages native HLS AES-128 encryption to secure video streams. When you upload a private video with advancedEncryption: true, our background workers dynamically generate secure AES keys and encrypt the video segments on the fly during Adaptive Bitrate (HLS) transcoding. This ensures your video files are fully protected both at rest and in transit.

Domain Restriction (Hotlink Protection)

Ensure that your videos can only be played on authorized websites. By configuring your allowedOrigins in the App Settings, BuzStorage will enforce strict Referer and Origin header checks. Even if a signed URL leaks, the stream will be blocked if embedded on an unauthorized domain.
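
How a Referer/Origin allowlist check of this kind can be implemented, as an added example that is not BuzStorage's own code: the function names, the sample origins, and the choice to reject requests that carry neither header are assumptions.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def _origin(value):
    """Normalise a URL or Origin header to (scheme, host, port); None if unusable."""
    try:
        parts = urlsplit(value.strip())
        if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
            return None  # covers "null", relative URLs and non-web schemes
        port = parts.port or DEFAULT_PORTS[parts.scheme]
    except ValueError:  # malformed port or bracketed host
        return None
    return (parts.scheme, parts.hostname.lower(), port)


def is_allowed(headers, allowed_origins):
    """Return True only if Origin (or, failing that, Referer) matches exactly."""
    allowed = {o for o in map(_origin, allowed_origins) if o}
    lowered = {k.lower(): v for k, v in headers.items()}
    source = lowered.get("origin") or lowered.get("referer")
    if not source:
        return False  # assumption: a strict policy rejects header-less requests
    # Tuple equality, not substring or suffix matching, so a host such as
    # app.example.com.evil.test never matches app.example.com.
    return _origin(source) in allowed


if __name__ == "__main__":
    allowed = ["https://app.example.com"]  # constructed sample allowedOrigins
    for hdrs in (
        {"Origin": "https://app.example.com"},
        {"Referer": "https://app.example.com/watch?v=1"},
        {"Origin": "https://app.example.com.evil.test"},
        {"Origin": "http://app.example.com"},
        {},
    ):
        print(hdrs, "->", is_allowed(hdrs, allowed))
```

Origin and Referer are supplied by the client, so this check governs where a browser will embed the stream; the signature and expiry on the URL remain the control for requests made outside a browser.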

How to Retrieve Protected Media

To stream a DRM-protected video, you must generate a signed playback URL containing the following required query parameters:

  • cid: Your unique Company ID
  • expiry: The Unix timestamp when the signed URL expires
  • sig: A cryptographic HMAC-SHA256 signature validating the request

Example Manifest URL:

GET https://api.buzstorage.com/api/proxy/v1/videos/<fileId>/manifest?cid=YOUR_COMPANY_ID&expiry=1718816822&sig=ab12cd34...
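
How a URL carrying cid, expiry and sig can be produced and checked, as an added example that is not BuzStorage's own code. The page does not state which fields the HMAC covers, so the signed string ("<fileId>:<cid>:<expiry>"), the hex encoding, the function names and the sample secret are assumptions.

```python
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit

BASE = "https://api.buzstorage.com/api/proxy/v1/videos"


def _signature(secret: bytes, file_id: str, cid: str, expiry: int) -> str:
    # ASSUMPTION: canonical string is "<fileId>:<cid>:<expiry>", hex-encoded MAC.
    msg = f"{file_id}:{cid}:{expiry}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def sign_manifest_url(secret: bytes, file_id: str, cid: str, ttl: int,
                      now: Optional[int] = None) -> str:
    """Build a manifest URL that expires ttl seconds after now."""
    expiry = (int(time.time()) if now is None else now) + ttl
    sig = _signature(secret, file_id, cid, expiry)
    return f"{BASE}/{file_id}/manifest?" + urlencode(
        {"cid": cid, "expiry": expiry, "sig": sig})


def verify_manifest_url(secret: bytes, url: str, now: Optional[int] = None) -> bool:
    """Accept only an untampered, unexpired manifest URL."""
    now = int(time.time()) if now is None else now
    parts = urlsplit(url)
    segments = parts.path.strip("/").split("/")
    query = parse_qs(parts.query)
    try:
        file_id, leaf = segments[-2], segments[-1]
        cid, sig = query["cid"][0], query["sig"][0]
        expiry = int(query["expiry"][0])
    except (IndexError, KeyError, ValueError):
        return False  # missing or malformed parameter
    if leaf != "manifest":
        return False
    expected = _signature(secret, file_id, cid, expiry)
    # Constant-time comparison; expiry is trusted only after the MAC matches,
    # because expiry is itself covered by the signature.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False
    return now < expiry


if __name__ == "__main__":
    key = b"constructed-demo-secret"  # constructed sample, not a real key
    u = sign_manifest_url(key, "123e4567-e89b-12d3-a456-426614174000", "acme", 300)
    print(u, verify_manifest_url(key, u))
```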

DRM Watermarking

Prevent unauthorized use of your application's private images by automatically stamping them with a Digital Rights Management (DRM) watermark. When enabled, BuzStorage uses Just-In-Time processing to composite your predefined watermark logo over the image before delivering it to the client.

How to Enable

You can enable DRM Watermarking via the BuzStorage Dashboard folder settings, or by passing "isWatermarkEnabled": true during folder creation. You can also update existing folders using the PUT /v1/folders/:folderId/watermark endpoint.

© 2026 DOHTECH SOLUTIONS GROUP | Buzstorage

PrivacyTermsDeveloper
99.9% Uptime
AES-256 Verified