Public sharing
Public sharing allows a resource to be shared with consumers who don't otherwise have access to the resource, for example because they are not registered on the HxDR platform. For this example, we will look at grouped assets. Sharing other resources works the same way.
Resources are shared using a sharing code. This code can be generated by a user who has access to the resource, and had the CAN_PUBLIC_SHARE
project capability. Revoking a sharing code has the same requirements.
Creating a sharing code
A sharing code can be created on a grouped asset using the following mutation
mutation {
shareGroupedAsset(groupedAssetId: "a8390ba8-23af-48fa-97dd-79abd944fa2f") {
__typename
... on SharingCodeOutput {
sharingCodeId
}
... on BaseAcsErrorInterface {
message
}
}
}
The reply will contain the sharing code:
{
"data": {
"shareGroupedAsset": {
"__typename": "SharingCodeOutput",
"sharingCodeId": "c6dab346-f791-4658-a58b-fe132c0f4382"
}
}
}
This sharing code can now be shared publicly. This can for example be done in a URL parameter.
Using a sharing code
When a user tries to access a publicly shared asset, the client must first convert the sharing code into an authorization signature. The following query does not require the authorization header:
query {
sharedGroupedAsset(sharingCodeId: "c6dab346-f791-4658-a58b-fe132c0f4382") {
__typename
... on SharedGroupedAssetOutput {
id
auth
}
... on BaseAcsErrorInterface {
message
}
}
}
The response will contain the shared grouped asset ID in the id
field, as well as the authorization signature in auth
.
{
"data": {
"sharedGroupedAsset": {
"__typename": "SharedGroupedAssetOutput",
"id": "a8390ba8-23af-48fa-97dd-79abd944fa2f",
"auth": "ff8iyYJWRDfen_BbTTW8YR3[...]akfs5OI"
}
}
}
With this information, the grouped asset can be retrieved. The string returned in auth
should be prefixed with Signature
(must start with capital S), and put in the Authorization
header:
{
"Authorization": "Signature ff8iyYJWRDfen_BbTTW8YR3[...]akfs5OI"
}
for the following query (any additional fields of GroupedAssetOutput
can be requested)
query {
asset(groupedAssetId: "a8390ba8-23af-48fa-97dd-79abd944fa2f") {
__typename
... on GroupedAssetOutput {
name
}
... on BaseAssetErrorInterface {
message
}
}
}
Revoking shared access
To revoke public access to a shared grouped asset, the following mutation shall be used:
mutation {
unshareGroupedAsset(groupedAssetId: "a8390ba8-23af-48fa-97dd-79abd944fa2f") {
__typename
... on UnsharedGroupedAssetOutput {
result
}
... on BaseAcsErrorInterface {
message
}
}
}
result
will be true if a sharing code has been deactivated, and false otherwise (e.g. in the case where no active sharing codes exist).
After deactivation of a sharing code, trying to access a grouped asset with an existing signature will result in a AssetErrorResourceAccessDeniedOutput
, and trying to create a new signature with the deactivated sharing code will result in a AcsErrorEntityNotFoundOutput
.
JS-SDK reference
Account
Account Services
Assets
HxDR Assets