Attachment Access API

Changes to Pull API & new Attachment Access API

Update: As of 15th April, We have pushed the deprecation date to 15th July, 2021

In our efforts to improve the data security standards at Playment, we are making a few changes in our system and introducing new Attachment access GET API.

What are we changing and why

Today, The Pull API used for getting results for a job, returns a URL of a JSON object which contains the annotation results of a job. This URL contains multiple random UUIDs thus making it near-impossible to guess, But if someone has the URL, it can be accessed without additional authentication.

Additionally, for 2D & 3D segmentation jobs, the result JSON file (or if you're using Playment's callback URL, the callback response) contains URLs to PNG or PCD masks. These URLs are also obfuscated but accessible without authentication.

Collectively, the result JSON, PNG & PCD mask objects are called attachments.

We want to ensure that these attachments can be accessed only with authentication. On 15th July 2021, we will be making all attachment URLs private. To access these URLs we are introducing a new attachment access API. You will have to authenticate this API using your x-api-key in the header of every call. It is the same x-api-key that you currently use with other API calls. You can get from your GT Studio dashboard.

What you need to do

You will need to make changes to the method where you access the attachment URLs. Going forward you should not directly access the attachment URLs. Instead, you will have to use the attachment access API.

get
ATTACHMENT

https://api.playment.io/v1/attachments?url=RESULT_URL
The result_url returned by the GET Job result API is a private URL (Well, it's public till July 15th, after which we'll enforce it to be private). You need to use this Attachment access API to securely fetch the results.
Request
Response
Request
Path Parameters
RESULT_URL
required
string
Result URL returned by the GET job result API
Headers
x-api-key
required
string
API key for authentication
Response
200: OK
The API will redirect to a signed URL of the attachment

After 15th July 2021, once we switch on the access restriction, if you are still directly accessing the attachment URLs, you will start receiving an AccessDenied error from s3 and will not be able to access the attachment.