I would like to integrate sending files (from server to customer) via Freshdesk Freshchat. I see that this is done something like this using API https://developers.freshchat.com/api:
{
"actor_type": "agent",
"actor_id": "...",
"message_type": "normal",
"message_parts": [
{
"file": {
"name":"test.pdf",
"url": "https://test.com/D71E3FF0-6E24-4281-B0B0-9419C98A62BE.pdf",
"file_size_in_bytes":312321,
"content_type":"application/pdf"
}
}
]
}
When a customer receives the file in the widget in the browser and clicks on the corresponding button it just directs him to the link sent via API.
We use Amazon S3 to store files, I know that we can make public links to files there. Let's say I generate such a link and specify the GUID (or multiple random substrings) in its path. Is this enough for security? There is an understanding that it seems that no one except the customer knows this link, but at the same time this link is publicly available. If we proceed from the fact that it is unlikely that someone will generate such a link by brute force? I'm worried because these files may contain personal information about the client, documents. I also see that in the Freshchat incoming files (sent from customer to server via webhook) are also just links with random strings or hashes in path.
It may also be a little more secure to send a link with a short lifetime, for example, 30 minutes, but I don’t know if such links can be configured in Amazon S3.
