# Generating Access-Controlled URLs

## Authenticated URLs (Aquarium Auth Headers) <a href="#authenticated-urls-aquarium-auth-headers" id="authenticated-urls-aquarium-auth-headers"></a>

Users can provide URLs that are authenticated through normal authentication measures, such as by [providing URL signing endpoints](https://cloud.google.com/storage/docs/access-control/signed-urls) for raw data stored on their own S3 / GCS buckets. Requests from Aquarium include auth headers that identify Aquarium as the caller, so users can allow Aquarium to see data without exposing it to the wider world.

## Authenticated URLs (Company Identity Provider) <a href="#authenticated-urls-company-identity-provider" id="authenticated-urls-company-identity-provider"></a>

If your company has more complex access controls, we can also discuss integration with Identity Providers like Okta, and include that information when requesting resources. This means that all requests must come from an environment where the user has authenticated with the company's identity provider.

## IP Restricted URLs <a href="#ip-restricted-urls" id="ip-restricted-urls"></a>

If users do not want Aquarium to have read access to their data at all, they can restrict permissions on their URLs to only be accessible to users within their corporate network or VPN. This way, Aquarium's servers won't have read access to the raw data. When someone uses Aquarium from within an approved network, the Aquarium browser client will be able to access and render the raw data correctly. This can also be done in conjunction with other access control schemes, such as authenticated image signing URLs.

## Serving Locally Hosted Images <a href="#serving-locally-hosted-images" id="serving-locally-hosted-images"></a>

Aquarium's only requirement is that images are available via an HTTP request from the user's browser. Users can host data from their own computer if needed, which is particularly useful for fast experimentation workflows. You can [serve a folder of local images with a simple HTTP server](https://developer.mozilla.org/en-US/docs/Learn/Common_questions/set_up_a_local_testing_server#Running_a_simple_local_HTTP_server) by installing Python or node, and running one of the following commands:

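```
# Python 3
# Listens on all network interfaces by default; add --bind 127.0.0.1
# to make the folder reachable from this machine only.
python3 -m http.server 5000

# Python 2
python -m SimpleHTTPServer 5000

# NPM
# Sends CORS headers; add -a 127.0.0.1 to listen on loopback only.
npx http-server --cors='*' --port=5000
```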

{% hint style="warning" %}
If you're working with semantic segmentation or point cloud data, you'll need to use a local file server that supports Cross-Origin Resource Sharing (CORS). The recommended NPM package above supports it as written.

If you are unable to use an NPM package, please reach out and we can get you set up.
{% endhint %}

Afterwards, you can submit URLs to Aquarium that are formatted like `https://localhost:5000/{image_path}.jpg`. When the Aquarium client tries to render these URLs, it will load the images served by the Python server on your local machine with minimal latency.
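For the CORS requirement in the hint above, the following is a local file server built only on the Python standard library; it is an added example, not Aquarium's own code. `ALLOWED_ORIGIN` is a placeholder for the origin the Aquarium app is loaded from, and `CORSFileHandler`, `make_server` and `probe` are names chosen for this sketch.

```python
import functools
import http.client
import threading
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer

# Assumption: placeholder for the origin the Aquarium web app is loaded from.
ALLOWED_ORIGIN = "https://aquarium.example"


class CORSFileHandler(SimpleHTTPRequestHandler):
    """Static file handler that allows cross-origin reads from one origin only."""

    def end_headers(self):
        # Send the CORS header only for the expected origin; pages on any other
        # origin get none, so the browser blocks their scripts from reading files.
        origin = getattr(self, "headers", {}).get("Origin")
        if origin == ALLOWED_ORIGIN:
            self.send_header("Access-Control-Allow-Origin", ALLOWED_ORIGIN)
        self.send_header("Vary", "Origin")
        super().end_headers()

    def do_OPTIONS(self):
        # Preflight reply: only read-only methods are offered.
        self.send_response(204)
        self.send_header("Access-Control-Allow-Methods", "GET, HEAD, OPTIONS")
        self.end_headers()


def make_server(directory, port=5000):
    # Loopback bind: other hosts on the network cannot list or fetch the folder.
    handler = functools.partial(CORSFileHandler, directory=directory)
    return ThreadingHTTPServer(("127.0.0.1", port), handler)


def probe(directory, origin):
    """Serve on an ephemeral port, GET / as `origin`, return the CORS header."""
    server = make_server(directory, port=0)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        conn = http.client.HTTPConnection("127.0.0.1", server.server_address[1], timeout=5)
        conn.request("GET", "/", headers={"Origin": origin})
        resp = conn.getresponse()
        resp.read()
        return resp.getheader("Access-Control-Allow-Origin")
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    make_server(".").serve_forever()  # serves the current folder on port 5000
```

Unlike `--cors='*'`, this answers cross-origin reads for a single origin, so other sites open in the same browser cannot read the served files through script.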

