Webflow is amazing. MemberStack is fantastic.
But there is no native solution from either service to secure your file downloads, yet still allow the flexability of only your logged in members to download those files đĄ
"I'm creating PDF files for my users. It's sensitive information. I need to securely protect those files, yet still allow my users to download them."
ButâŠwhat if you could?
What if you could continue using the tools that already work well for you, yet extend them by providing this missing feature - Secure File Downloads.
Well, now you can đ
Iâm combining Integromat and Amazon Web Services (the industries gold standard) to allow your logged in members to download files đ
To do this, Iâm usingâŠ
- ⊠Webflow
- ⊠MemberStack
- ⊠Integromat (free account)
- ⊠Amazon Web Services - AWS (free account)
For this walk through we are going to verify, directly with MemberStack, that every time someone clicks to download a file, they are a logged in user on your site.
If they bypass your âhiddenâ content and try to download your files, they canât đ
Add some muscle đȘ to your Webflow site by setting up Secure File Downloads right now.
Part 1: Hereâs what youâre buildingâŠ
Letâs build a simple e-learning course site with PDF downloads for each lesson.
Combine this with my Simple Course Site walk through and youâre starting to build a powerhouse ontop of Webflow đȘ
Here is the Custom Code from the video on my Github account.
NextâŠ
Letâs dig into the âAuthenticateâ Integromat module. This does the heavy lifting to confirm a logged in member directly with MemberStack.
Part 2: Authenticate
You are taking the JWT token shown in part 1 and sending it up to AWS.
There, with my copy & pasted code, youâll authenticate the JTW token with MemberStack to confirm that this is indeed a currenly logged in member.
Hereâs what youâre doing:
- ⊠Setup your free AWS account.
- ⊠Setup your AWS Lambda function.
- ⊠Copy/paste my custom code into Lambda.
- ⊠Create an API Gateway to call the custom code.
- ⊠Hook up Integromat to run the code authenticating the member.
Here is the Custom JWT Code from the video.
đ€Ż Yea, this looks complicated...
- âïž Integromat Scenario ready to import into your own project.
- đ The password for the live Webflow site I built for this video.
- đ This read-only Webflow project link, see how I set it all up.
- 𧩠The step-by-step guide to recreate what's in this video.
NextâŠ
With the JWT token authenticated, we need to verify this member. Thatâs what youâll see in part 3 below.
Part 3: Verify Member
The Authenticate module you just created (above) asks MemberStack if this JWT token is a logged in and authenticated member across their platform.
ButâŠthat doesnât mean they are logged into YOUR MemberStack website.
You now need to confirm this by making a request to MemberStack for the member id listed in that JWT token.
If MemberStack returns a member, youâve verified that this logged in member is part of your website.
NextâŠ
If they are not authenticated or verified, what do you do?
You redirect them to a page of your choice and they canât download the file. Thatâs covered in part 4 below.
Part 4: Failure Redirect
The user is not an authenicated and verfied member soâŠyou will send a responce to the web broswer telling it to redirect the user to the url you passed in the form submission.
NextâŠ
The user is an authenticated and verfied member, so letâs download the file! Checkout part 5 below.
Part 5: Download the File
All system are go!
The user can download the file. ButâŠwhere is the file stored?
Youâll store the files in your free AWS account. Within their service called S3. Itâs protected so not just anyone can download these files, only those that you allow.
Hereâs what youâll be doingâŠ
- ⊠Setup AWS S3.
- ⊠Setup an API token.
- ⊠Upload the files to S3.
- ⊠Setup Integromat to download them.
Now, you wonât be downloading the files directly to the user. Instead, youâll download the files into Integromat and Integormat will then send the downloaded file to the users browser.
This allows you to protect your files with a âtokenâ (e.g. password) that youâll store inside of Integromat.
Your users never have access to this token. So if they want to download files, they have to go through the authentication process above.
Nice! đ
NextâŠ
Youâll send the downloaded file back to the web browser and trigger the browser to automatically start downloading the file.
Part 6: Send File Back to the Web Browser
AndâŠthis completes the feature đ
The member clicked to download a file, and a moment later the file is downloaded.
Secure file downloads with Webflow & MemberStack.
So flippin good đ
Here are the Custom Headers from the video.
đ€Ż This is complex
- âïž Integromat Scenario ready to import into your own project.
- đ The password for the live Webflow site I built for this video.
- đ This read-only Webflow project link, see how I set it all up.
- 𧩠The step-by-step guide to recreate what's in this video.