From the client, an authenticated call is done on the Nuxeo Platform to generate a signed URL with the following parameters:
- the document id
- the Blob xpath (default to file:content, for the main Blob)
- the expiration time of the signed URL in seconds
Only an user with at least READ permission to the document can ask for a signed URL.
Nuxeo is returning a signed URL to allow downloading the Blob such as:
The URL does not need authentication and allow anyone to download the Blob while the token is valid. The token is only valid for the expiration time specified in the first call.