zshot/cli
⌘K
Download

--server-signed-url

ValueALGO:SECRET
LicenseENT

Requires a valid signature on GET requests to / and /assets. Pass the key as hmac-sha256:<secret>. The server signs asset Link URLs with this secret and rejects an unsigned or tampered GET with 401.

Use it to hand out a capture or asset URL that a client fetches directly without holding a credential. Header auth still takes precedence: a request with valid Basic or token credentials authorizes outright, and the signature is checked only when no credentials are sent.

Bound how long a signature stays valid with --server-signed-url-max-age.

This is an Enterprise-tier flag.