Help Center / Media / Embargoed assets / Get started with embargoed assets

Get started with embargoed assets

NOTE: The Embargoed assets feature is only available on specific plans. Reach out to your Sales representative for more information about feature availability.

As a space administrator, you can configure embargoed assets.

Here is a high-level overview of what you need to do to start benefiting from the feature: 

  1. Select a protection mode that best fits your needs.

  2. From the space Settings drop-down menu, select "Embargoed assets". This menu item is only visible to space administrators.

  3. On the settings screen, click "Get started" to enable embargoed assets in "preparation mode". All of your assets will remain publicly accessible, but you can begin using embargoed assets APIs.

  4. Implement authorization and asset URL signing logic
 while still in preparation mode, and ensure that your space is requesting all assets from the secure assets delivery network.

  5. Once you are certain everything functions as expected, change the protection mode in embargoed assets setting to either "all assets protected" or "unpublished assets protected" mode, depending on your needs.

NOTE: You can use secure asset URLs just like you do standard asset URLs. You can download the asset, or you can embed the asset. You just need to keep in mind the expiration period and how that may influence your specific use case.

For more information on how the feature works and how to get started, see the developer documentation

A list of specific terminology related to embargoed assets can be found here.

Use embargoed assets

When enabling embargoed assets, you can select whether to protect all assets or only unpublished. Learn more about different types of protection here

Once you enable the feature, asset URLs returned by the CMA, CDA, CPA or GraphQL API will need to be cryptographically signed before use. Signing is accomplished by first fetching a short-lived (valid for up to 48h) asset key from Contentful’s API. This asset key can be used to sign any number of asset URLs within a particular space until its expiry, and each signed URL can have an independent lifespan. A specific asset file is accessible to anyone who has a correctly signed URL until that URL has expired.

You are responsible for implementing authorization logic to decide whether a specific user should or should not have access to the asset. Contentful does not limit you in any way as to what information and how it can be used for this purpose.