Released Amazing Template for Phoca Cart
Learn More ...

Unique Download Link (Security Token)

Category: Phoca Download Component

Unique download link feature is a specific method how to provide a download link for users. Every file in Phoca Download can have a specific unique token and user can access this file only in case he/she knows the token. In fact, this is an alternative method to access rights used for downloading a file.


Difference between Access Rights and Unique Download Link features


Access Rights: Only registered users who have access rights for specific file can download it. Login (Registration) is required and access rights must be set for file or its category. Use this method in case, on your site users are registered and can access different files or categories.


Unique Download Link: All users (public, registered) who know the token (security string inside the download link) can download the file. No login or registering is needed. Use this method in case, you want to share a file which shouldn't be shared for public but only for selected users. Share the link (include the token) with users who should be able to download it. For example, if you send a download link to some user, he/she will be able to access it. Even if he/she will be not logged or registered on your site. Even if the file will be not accessible on your site.


What is important to know while using an unique download link (download link with token):

  • Everyone who knows the link, can access this file (if you share the link, then everyone who got the information about the link can share it to some other user). Limit the count of downloading for this file in Options.
  • If the file is stored on your server, it can be accessed directly (as every file on your server). If you share the unique download link with token, nobody will know the ID of the file. But the name of the downloadable file will be shared for the selected users so such user can share it to someone other. If your files shouldn't be accessed by public, always try to protect folders where the files are stored (e.g. with .htaccess or with moving the downloadable files behind the public_html folder - see more info in Phoca Download Options documentation). Of course this recommendation applies to both methods - Access Rights or Unique Download Link method)
  • Direct link feature (see Edit View of the file in administration) cannot be used with this method
  • If you will use External Link option, the protection of the file only applies the your site, not to the external server (file stored on external server must be protected there)
  • As the unique download link is not public, you cannot get this link in frontend. Unique download link is displayed in administration - in Edit View of the file and only in case, the security token is stored. Link can change in case you will change your SEF settings. If you are using SEF, create a menu link to some Phoca Download view, so your link to share will be a SEF link.
  • Only "published", "authorized", "active" rules are taken to account (Unpublished, Unauthorized or Inactive file cannot be downloaded by the unique download link)
  • Access Rights of the file or its category is ignored (Even if the file is not accessible, it can be downloaded by the unique download link)
  • If you want to share the file per unique download link for selected users only, don't forget to set access rights for the file or its category, so it cannot be downloaded by public (using standard way in frontend) Example: You want to share "FILE A" only for selected users. So you will send them the unique download link to this file (FILE A) and they can download it. But if you will create download area on your site, all other users can find this file (FILE A) on your site too. This is why you should set access rights for the "FILE A". Such file then will be not accessible on your site for public but it will be accessible for users who know the security token (because the unique download link feature ignores access rights rules).



  1. Install Phoca Download component in your Joomla! CMS
  2. Set the download folder in Phoca Download Options so it will be located behind public_html folder on your server (Phoca Download Options)
  3. Enable Unique Download Link feature (Phoca Download Options)
  4. Upload the file per FTP to the download folder (FTP Client)
  5. Add this file to your Phoca Download (Phoca Download File Edit)
  6. Set Unique Download Link Token if not set automatically (Phoca Download File Edit)
  7. Create a menu link to Phoca Download if you are using SEF (Joomla! Menu Manager)
  8. Set access rights for the file, so it will be not accessible by public (Phoca Download File Edit)
  9. Copy the Unique Download Link(Phoca Download File Edit)
  10. Share the link to selected user (e.g. your Email client, e.g. Phoca Email Component, etc.)


Powered by Phoca