Provide access to non-public assets via an API endpoint that returns Signed URLs. How this is performed will vary by asset storage backend.
- Native URL Signing Support: For backends that natively support URL Signing (e.g. AWS S3, Microsoft Planetary Computer), this would be a simple return of the signed URL generated by the storage services with private access credentials accessible to the Auth Proxy server.
- Custom URL Signing Support: For storage services that do not natively support signed URLs (e.g. CloudFerro), the STAC Auth Proxy will instead generate its own signed URLs. These URLs, when accessed, will stream assets from the upstream storage backend via private access credentials accessible to the Auth Proxy server.
Provide access to non-public assets via an API endpoint that returns Signed URLs. How this is performed will vary by asset storage backend.