If I create an access token which has access to my own assets hosted on Cesium Ion, and I want my users to access those assets without having a Cesium ion account, am I allowed to share my access token publicly?
I’m most concerned if this is against TOS on sharing tokens, if there is any.
If this is against TOS, is there another way to achieve this?
Can you tell us some more about the details of your use case. That will help us advise you on a secure way to share your assets. For example:
- Do you want to share your assets with other developers who will be using your assets in their own applications?
- Is this for non-technical users to view your assets?
- What type data are you trying to share?
Our terms of service requires you to keep your account password secure. You are allowed to distribute access tokens but usage of those tokens will be counted against your account, and could potentially some delete your assets. You want to be careful with sharing them. To help you manage this, Cesium allows you to create access tokens with different scopes (eg. Limited to accessing a single asset from a single URL). You can also invalidate the tokens at any time to prevent them from being used.
- Yes, I have a 3DTiles asset that I want to share with other developers to use in their own scenes.
- It is for both technical and non technical, for everyone who wants to use the asset. The asset is a model of cities as 3D tiles.
- By sharing the access token, everyone interested in the model will be able to stream it via the Cesium3D Tileset component by just entering the asset ID and access token.
So is my understanding correct that while potentially there is risk of someone deleting my assets, and of course the usage being counted against my account, this is allowed?
The account password is never shared, just the access token.
For non-technical users, you can create a Cesium Story with the asset so they can view it without any coding required. There is no token required for this, you can share the URL of the story.
If you do choose to distribute your access tokens to allow others access to your assets, we recommend providing the lowest level of permission required for any tokens you are sharing. In this case you would probably want to only allow the
assets:read scope and have the token allow access to only the one asset you are sharing. That will prevent anyone with the token from using or deleting any of your other assets.
In both cases the usage will count against your streaming quota.