Best practices for distributing signed download URLs to shop customers (from /r/webdev)?

Hello all,

I'm in the middle of implementing a shop into my existing website to sell some audio plugins I make. I've got nearly all of the processes working so far and am currently working on implementing a mechanism to generate signed URLs for customers to access after they purchase a product. My stack is Angular, NestJS, and PostgreSQL.

I think my question is more so inline with user experience, so I'd love to get some input from the community. I should mention that this "shop" is a very simple one – I don't plan on having really any interface for the customer to use. The only real thing that they'll be able to do is get downloadable URLs for products they've already purchased by entering their email (I realize even this isn't technically secure since anyone could enter a random email, but I feel for my use case (being a tiny niche web shop) this is OKAY).

As of now, my plan is to implement a mailer system that sends the URL to the email the customer provided. This approach would be more work (don't mind learning how to use a mailer though), but I'm not really sure if it's actually that necessary. The other idea is to just give the signed URL back to the client and embed it in a clickable download link in the checkout success page, which is fairly common I feel like.

From an experience standpoint, I don't really feel like there is anything wrong by skipping the whole mail process. My reasoning is that the URL expires anyway, so it wouldn't be helpful to keep it in an email. On the other hand, emails provide a type of documentation that certain customers might like. I can't really tell if I'm being reasonable or just over-engineering this. What are your thoughts?


submitted by /u/hold-the-pants
[link] [comments]

Leave a Reply

Your email address will not be published. Required fields are marked *