Announcing Secure Share

Pangea is proud to announce the general availability of Secure Share. Secure Share is a set of APIs that make it easy to add secure file sharing to your application.

Apps often need to send and receive sensitive files - such as a mortgage application requesting a customer’s W2, an insurance app sending out a customer’s policy documents, or a healthcare app sending out lab results.

Exchanging these files introduces important safety, security, and compliance requirements. The most important thing is ensuring that the external senders or recipients have been authenticated. You also need to ensure that the files aren’t malicious, and that they’re encrypted in transit and at rest.

Secure Share handles the security and complexity with straightforward APIs and UI components for customizable branded emails, SMS messages, file explorer components, and Pangea-hosted authentication and share link access pages. All files are scanned for malware using File Scan, and admins can control the types and maximum sizes of files that can be shared, as well as the default limits on how long share links are valid and how many times they can be accessed. Pangea provides default storage for the files to be shared, but Secure Share also supports a bring-your-own-bucket feature that allows you to use your own AWS S3 or Cloudflare R2 bucket.

Share links are authenticated by SMS, email, or password. In true composable security API fashion, Secure Share uses portions of Pangea’s AuthN service for its authentication features. When someone clicks on a share link, they are presented with a hosted authentication page that can be customized with your branding. After authenticating, an authorized share recipient is presented with a file explorer view of the files and/or folders that have been shared. A share link can be an upload, download, or edit share. The recipient can only upload to an “upload” share and only download from a “download” share, while an “edit” share supports upload, download, delete, rename, and folder creation, all through a branded file explorer. In another example of composable security API use, all files are scanned using Pangea’s File Scan service and no files detected as malicious are accepted.

The file explorer UI component you see in the Pangea User Console’s Secure Share page is available as a MUI React control (see here for more details on integrating the control), so you can use it along with our Node.js/JavaScript SDK to give your app users the same ability to upload and download files, organize them into folders, create share links to files or folders, and email the share links to chosen recipients. You can also create your own interface, as the Secure Share APIs expose all of the base functionality you see in the UI to execute put, get, list, and delete for files, folders, and share links.

Secure file exchange is a complex feature, but the Secure Share service vastly simplifies the process of adding secure file sharing to your application.

Get started today with your free Pangea account and $5 monthly credits. Create a Secure Share project to start uploading and sharing files immediately using the Pangea User Console. Browse the Secure Share documentation, SDK, and SDK samples in your favorite language (e.g. the Secure Share Examples in the Python SDK).


Feature Highlights

Unlike some other share link implementations, Secure Share links are always authenticated. The recipient has to know and possess the phone number, email address, or password that the share link was created with. To access an SMS authenticated share, the recipient is asked for their phone number, then they have to type in a code sent to that phone. To access an email authenticated share, the recipient is asked for the email address and then they have to type in a code sent to that email address. For password authenticated shares, the recipient is only asked for the password.

See the Secure Share share/link/create API documentation for more information on authentication methods and other options available when creating share links.

Easily create and send an SMS or password authenticated share-link via email using the +Share Via Email button. You can also use the +Get Link button to create a share link that is authenticated via email or SMS code, or by password. You can copy that link and send it however you want (e.g. Slack, SMS, or other secure messaging method), but every link is authenticated.

Share Via Email

When creating a share link using the +Share Via Email button, you give the recipient’s email address and a phone number to receive an SMS authentication code (or you can choose a password to be used). You can optionally set a title and message to appear in the emailed share link and on the share link page, and you can update when the share link should expire and how many times the share can be accessed (within admin-configurable constraints).

The +Get Link button allows you to choose whether to use phone number, email address, or password as the authentication method (see further below for an example flow where the share link is sent via email, and the recipient must know the phone number and be able to receive the SMS code to authenticate and get access to the share page).

File Explorer

The File Explorer interface in the Pangea User Console allows you to add and organize files, as well as create and manage share links. The same File Explorer used in the Console is available as a component that you can use for the same functionality within your own application.

When a file is Shared via Email, the recipient receives a branded email containing optional messaging from the sender, information about the share link access restrictions, and a button to open the share link for accessing the files in the share.

Every share link is authenticated, and here you see a branded, Pangea-hosted authentication page powered by the Pangea AuthN service. Share links sent via email are by default authenticated using SMS, and the recipient has to know the phone number that was given when the share was created.

Branded SMS Verification Code Delivery and Authentication

When the share recipient enters the right phone number in the share link authentication page, they will receive a branded SMS message with the verification code for use in the authentication page.

Entering the correct verification code from the SMS message in the form shown below will grant access to the branded share page where the share contents can be accessed.

Branded Share Page

Once authenticated, the share link recipient will see a branded, Pangea-hosted file explorer view that allows them to access only the files and/or folders that were shared with them.

Bring Your Own Bucket

Secure Share provides Pangea-hosted storage by default, but the configuration of the Secure Share service allows you to bring your own AWS or Cloudflare bucket to be used to store the files and folders available for sharing. You can add multiple buckets, set one of them as the default, and specify any enabled bucket in an optional parameter to the Secure Share APIs. You can also switch between enabled buckets in the Secure Share file explorer UI.

File Restrictions

As a Secure Share service administrator, you can limit the file size and the file types allowed.

Audit Logging

Secure Share is also integrated with our Secure Audit Logging so that administrators can keep track of file and folder creation, sharing, and access. Secure Share’s uses of the Secure Audit Log, AuthN, and File Scan services are all great examples of composable security APIs in action. You can expect to see more examples as we deliver future Pangea services as well.

Written by

Bruce McCorkendale

SPM@Pangea | Entrepreneur | Cybersecurity Advisor