Overview

To access Quartr’s resources (audio files, documents, etc.), you need to use signed cookies. These cookies are a security requirement that ensures only authenticated users can access our content. All requests must be made over HTTPS.

Signed cookies consist of three components:

  • CloudFront-Key-Pair-Id: Identifies the public key for validating the signature.
  • CloudFront-Policy: Defines access permissions like resource paths, expiration times, and IP restrictions.
  • CloudFront-Signature: Verifies that the policy hasn’t been tampered with.

Why Are These Cookies Important?

  1. Authentication: Ensures requests come from verified sources.
  2. Authorization: Enforces specific access rules (time-limited, IP-restricted).
  3. Security: Protects against unauthorized modifications.

How to Access Resources

To access our resources, follow these steps:

  1. Get the signed cookies using our /v3/cookies endpoint.
  2. Include these cookies in your requests when accessing resources.

Example Implementation

# Step 1: Get the cookies
curl -X GET "https://api.quartr.com/public/v3/cookies" \
  -H "x-api-key: YOUR_API_KEY"

# Step 2: Use the cookies to access resources
curl "https://files.quartr.com/your-resource-path" \
  -H "Cookie: CloudFront-Key-Pair-Id=YOUR_KEY_PAIR_ID; CloudFront-Policy=YOUR_POLICY; CloudFront-Signature=YOUR_SIGNATURE"

Replace the placeholders as follows:

  • YOUR_API_KEY: This is your unique API key provided by Quartr. It authenticates your application when requesting signed cookies.
  • YOUR_KEY_PAIR_ID: Identifies the public key used to verify the signature. This key is managed securely within Quartr’s infrastructure.
  • YOUR_POLICY: Encodes access permissions like expiration times, allowed IPs, and resource paths. This limits what an intercepted cookie can be used for: it works only for the permitted resource paths, from the allowed IPs, and until the policy expires.
  • YOUR_SIGNATURE: A cryptographic signature that ensures the policy hasn’t been altered after being issued.

Troubleshooting

If you receive a 403 Forbidden error when accessing resources:

  • Verify your API key is valid.
  • Ensure you’ve obtained fresh cookies from the /v3/cookies endpoint.
  • Check that you’re including all required cookies (CloudFront-Key-Pair-Id, CloudFront-Policy, and CloudFront-Signature).
  • Ensure your requests use HTTPS to maintain security.
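
To see which policy condition is behind a 403, you can decode the CloudFront-Policy cookie and check it locally. This is an added example, not Quartr's code: it assumes the cookie carries a standard CloudFront custom policy (JSON, base64-encoded with +, = and / replaced by -, _ and ~), and the function names and sample policy are constructed for illustration.

```python
import base64
import json
import re
import time
from ipaddress import ip_address, ip_network

# CloudFront swaps three base64 characters so the value is cookie/URL safe.
_TO_B64 = str.maketrans("-_~", "+=/")


def decode_policy(cookie_value):
    """Return the policy document carried in a CloudFront-Policy cookie."""
    return json.loads(base64.b64decode(cookie_value.translate(_TO_B64)))


def encode_policy(policy):
    """Inverse of decode_policy; used here only to build the sample cookie."""
    raw = json.dumps(policy, separators=(",", ":")).encode()
    return base64.b64encode(raw).decode().translate(str.maketrans("+=/", "-_~"))


def _resource_matches(pattern, url):
    # In a policy Resource, '*' matches any run of characters and '?' exactly one.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, url) is not None


def denial_reasons(policy, url, client_ip=None, now=None):
    """List the policy conditions that `url` would fail; empty means none found."""
    now = time.time() if now is None else now
    stmt = policy["Statement"][0]
    cond = stmt.get("Condition", {})
    reasons = []
    if not _resource_matches(stmt.get("Resource", "*"), url):
        reasons.append("resource path not covered by policy")
    expires = cond.get("DateLessThan", {}).get("AWS:EpochTime")
    if expires is not None and now >= expires:
        reasons.append("policy expired")
    cidr = cond.get("IpAddress", {}).get("AWS:SourceIp")
    if cidr and client_ip and ip_address(client_ip) not in ip_network(cidr, strict=False):
        reasons.append("client IP outside allowed range")
    return reasons


# Constructed sample policy (not issued by Quartr), valid until epoch 1700003600.
SAMPLE_COOKIE = encode_policy({"Statement": [{
    "Resource": "https://files.quartr.com/*",
    "Condition": {"DateLessThan": {"AWS:EpochTime": 1700003600},
                  "IpAddress": {"AWS:SourceIp": "203.0.113.0/24"}}}]})
```

An empty result only means the policy conditions pass. The signature is verified on the server, so a modified policy is still rejected there.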

FAQs

Why do I need to refresh cookies periodically?

Cookies have expiration times defined in the policy to reduce security risks. After expiration, you must request new cookies.

Can I reuse the same cookies across multiple resources?

Yes, as long as the policy permits access to those resources and hasn’t expired.

If a cookie is tampered with, its signature no longer validates and the server rejects the request with a 403 Forbidden error.
