Update: As of 15th April, We have pushed the deprecation date to 15th July, 2021
In our efforts to improve the data security standards at Playment, we are making a few changes in our system and introducing new Attachment access GET API.
Today, The Pull API used for getting results for a job, returns a URL of a JSON object which contains the annotation results of a job. This URL contains multiple random UUIDs thus making it near-impossible to guess, But if someone has the URL, it can be accessed without additional authentication.
Additionally, for 2D & 3D segmentation jobs, the result JSON file (or if you're using Playment's callback URL, the callback response) contains URLs to PNG or PCD masks. These URLs are also obfuscated but accessible without authentication.
Collectively, the result JSON, PNG & PCD mask objects are called attachments.
We want to ensure that these attachments can be accessed only with authentication. On 15th July 2021, we will be making all attachment URLs private. To access these URLs we are introducing a new attachment access API. You will have to authenticate this API using your
x-api-key in the header of every call. It is the same x-api-key that you currently use with other API calls. You can get from your GT Studio dashboard.
You will need to make changes to the method where you access the attachment URLs. Going forward you should not directly access the attachment URLs. Instead, you will have to use the attachment access API.
The API will redirect to a signed URL of the attachment
After 15th July 2021, once we switch on the access restriction, if you are still directly accessing the attachment URLs, you will start receiving an
AccessDenied error from s3 and will not be able to access the attachment.