Extra Parameters in Attachment URL

Hi - I recently noticed that the URLs for attachments in my base are ‘sometimes’ exported with additional parameters that look something like this:

&userId=usrRGFsp5k3BVKxoz&cs=5df56hubdtrt3673b79d

I’d prefer just the basic URL, and am also concerned that exposing the UserID is a security flaw - since I’ve shared these asset links, usually images, on a public platform without inspecting the URL closely.

I am using the API (via pyairtable) to get these URLs. Sometimes the extra parameters are included, and sometimes they’re not. I haven’t been able to ascertain what is causing the different outcomes.

Has anyone experienced this, or had similar issues?

Thanks!

I’m not sure about the extra parameter — I would ask support@airtable.com to see if they know anything about that.

But note that as of November 8th, you won’t be able to share these attachment links on public platforms for more than 2 hours, because the links will expire after that:

1 Like

The user ID parameter is likely your user ID, but it’s not a security flaw. It is anonymized (doesn’t reveal your identity), and it does not represent an ID used to gain access to Airtable. It is there purely for tracking purposes.

The cs parameter is typically a session ID; also innocuous.

Then your app needs to parse away these parameters.

Any rendering of URLs with these parameters is ignored by the browser, but more importantly (as @ScottWorld makes clear), you need to eliminate CDN URL dependencies from your process in the next few months or face some surprises. Furthermore, any and all URLs shared in the wild will become invalid.

Depending on your business case and application architecture, you might need one of these.

2 Likes
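An added example, not part of the original thread and not Airtable's or pyairtable's own code: one way to "parse away" the userId and cs parameters before an attachment URL leaves your application, and to report which records carried them. The record layout follows the attachment-field shape returned by the Airtable API; the host, IDs and the field name Images are constructed, and it assumes the URL still resolves without the extra parameters.

```python
from urllib.parse import urlsplit, urlunsplit

# Parameter names taken from the thread; matched case-insensitively.
TRACKING_PARAMS = {"userid", "cs"}


def _filter(pieces):
    """Split 'name=value' pieces into (kept, removed_names) without re-encoding."""
    kept, removed = [], []
    for piece in pieces:
        name, sep, _ = piece.partition("=")
        if sep and name.lower() in TRACKING_PARAMS:
            removed.append(name)
        else:
            kept.append(piece)
    return kept, removed


def strip_tracking(url):
    """Return (clean_url, removed_names); the URL is untouched if nothing matched."""
    parts = urlsplit(url)
    # The thread shows the extras starting with '&'. When the URL has no '?',
    # they are glued to the path, so the path tail is checked as well.
    head, *tail = parts.path.split("&")
    kept_tail, gone_path = _filter(tail)
    kept_query, gone_query = _filter(parts.query.split("&")) if parts.query else ([], [])
    removed = gone_path + gone_query
    if not removed:
        return url, []
    path = "&".join([head] + kept_tail)
    clean = urlunsplit((parts.scheme, parts.netloc, path, "&".join(kept_query), parts.fragment))
    return clean, removed


def clean_records(records, field):
    """Rewrite attachment URLs in place; return (record id, filename, removed) per hit."""
    flagged = []
    for rec in records:
        for att in rec.get("fields", {}).get(field, []):
            att["url"], removed = strip_tracking(att["url"])
            if removed:
                flagged.append((rec["id"], att.get("filename"), removed))
    return flagged


def sample_records():
    """Constructed records: one URL with the extras, one without."""
    base = "https://example.invalid/att/"
    return [
        {"id": "recA", "fields": {"Images": [{"filename": "a.png", "url": base + "a.png?x=1&userId=usrCONSTRUCTED&cs=abc123"}]}},
        {"id": "recB", "fields": {"Images": [{"filename": "b.png", "url": base + "b.png"}]}},
    ]
```

The flagged list shows which records came back with the extra parameters, which helps narrow down why they appear only sometimes.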

Yikes. Didn’t know about that. Thanks for pointing it out.

Looks like I have some homework to do!
