Download Access
Developer guide to Uhpenry's Download Access mode and the access key object: how it enforces secure, auditable downloads via Snapgate and Snapcharge.
In Uhpenry, downloads are never delivered through static email attachments or unauthenticated public links. Instead, all download activity is governed by Access keys: server-side records that bind a completed transaction (Snapcharge) to a user and gate their ability to retrieve project artifacts in real time.
Whenever a Snapcharge is finalized, whether through payment or free entitlement, Uhpenry issues an access key that becomes the operational control point for downloading. Each download request must validate the access key's state, enforce any owner-defined restrictions (such as cooldowns or expiry), and confirm the integrity of the Snapcharge and Snapshot that underpin the entitlement. This layered approach ensures that downloads remain secure, revocable, and fully auditable.
Why Access Keys Exist
Access keys were designed to clearly separate ownership rights (defined by Snapcharge and Snapshot) from operational access (enforced by the access key itself). This avoids scenarios where payment records exist but access is incorrectly granted due to persistence issues.
Every access key is bound to a tuple of (user, Snapgate, Snapcharge, entity). Possessing a direct artifact URL is not enough; without a valid access key in an authenticated session, the download will fail. This strong binding also allows owners to exercise granular control over access.
Because each access key persists its own state history and usage metrics, it doubles as both an enforcement mechanism and an audit trail. Rate limits, cooldown windows, and access expirations can all be applied per key, while forensic data supports troubleshooting and dispute resolution. Finally, every download request is checked in real time against the associated Snapcharge/Snapshot, guaranteeing that access is only valid if the underlying entitlement is still intact.
What an Access Key Represents
An access key is a document that grants a user the right to download a specific artifact. It records when the key was created, how many times it has been used, and what its current status is (active, expired, revoked, deleted).
It is not a bearer token. Knowing an access key ID alone is insufficient: the request must also originate from a valid authenticated session tied to the correct user. This prevents leaked identifiers from granting unauthorized access. In practice, the access key behaves more like a durable entitlement checkpoint than a credential.
Configurable Controls
Owners can customize access key behavior to fit their licensing model:
- Cooldowns (default: 24 hours) prevent rapid re-downloads, reducing leakage.
- Access limits cap the number of times a file can be retrieved.
- Revocation immediately disables future downloads without altering historical Snapcharges.
- Deletion performs a soft delete for housekeeping while preserving audit history.
Integration with Snapgate & Snapcharge
Access keys only exist once a Snapcharge has been successfully recorded and serialized into a Snapshot. The Snapcharge remains the canonical record of payment; the access key is an operational gate that references it.
Every download request re-verifies the Snapcharge using Uhpenry's published integrity checks. If verification fails (for example, due to missing keys after rotation), access is denied and flagged for support review. This guarantees that entitlement is always tied to a provable transaction.
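The sequence of checks a download request passes through, as an added example (not Uhpenry's code). The field names, reason strings, and the `verify_snapcharge` callback are hypothetical stand-ins for the access key record and the Snapcharge integrity check described above; the sample identifiers are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass
class AccessKey:  # hypothetical shape, not Uhpenry's schema
    user: str
    snapgate: str
    snapcharge: str
    entity: str
    status: str = "active"                    # active | expired | revoked | deleted
    cooldown: timedelta = timedelta(hours=24)  # default cooldown from the guide
    max_downloads: Optional[int] = None
    expires_at: Optional[datetime] = None
    download_count: int = 0
    last_download: Optional[datetime] = None
    audit: list = field(default_factory=list)

def authorize_download(key, session_user, request, verify_snapcharge, now):
    """Return (allowed, reason). Every decision, allowed or not, is audited."""
    def decide(allowed, reason):
        key.audit.append((now, session_user, allowed, reason))
        return allowed, reason

    if session_user is None:               # the key ID is not a bearer token
        return decide(False, "unauthenticated")
    if session_user != key.user:
        return decide(False, "wrong_user")
    if request != (key.snapgate, key.snapcharge, key.entity):
        return decide(False, "binding_mismatch")
    if key.status != "active":             # revoked / deleted / expired
        return decide(False, key.status)
    if key.expires_at is not None and now >= key.expires_at:
        return decide(False, "expired")
    if key.max_downloads is not None and key.download_count >= key.max_downloads:
        return decide(False, "limit_reached")
    if key.last_download is not None and now - key.last_download < key.cooldown:
        return decide(False, "cooldown")
    if not verify_snapcharge(key.snapcharge):  # entitlement re-verified per request
        return decide(False, "snapcharge_verification_failed")
    key.download_count += 1                # usage is counted only on success
    key.last_download = now
    return decide(True, "ok")

if __name__ == "__main__":
    t0 = datetime(2025, 1, 1, tzinfo=timezone.utc)      # constructed sample data
    k, req = AccessKey("alice", "sg_1", "sc_1", "proj_1"), ("sg_1", "sc_1", "proj_1")
    print(authorize_download(k, "alice", req, lambda s: True, t0))
    print(authorize_download(k, "alice", req, lambda s: True, t0 + timedelta(hours=1)))
```

Denied requests leave the usage counters untouched but still land in the audit list, which is what makes cooldown violations and verification failures countable afterwards.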
Security Principles
- Downloads always require authentication; access key IDs alone are insufficient.
- All file delivery uses short-lived signed URLs.
- Storage-platform secret keys are rotated which doesn't affect.
- Raw telemetry is encrypted at rest and access-controlled.
- Reconciliation jobs detect failed entitlement creation (e.g., payment succeeded but no access key exists) and recover or escalate gracefully.
Owner & User Experience
From the owner's perspective, Access keys provide flexibility and visibility: cooldowns, limits, and expiry defaults can be set at the project level; keys can be revoked on demand. Owners also benefit from clear analytics: download counts, cooldown violations, and revocation logs are all available for oversight.
For users, transparency is key. Interfaces should clearly display how many downloads remain, when the next download will be available, and when their entitlement expires. Receipts should show when the access key was granted and when it will expire, if applicable.
Metrics
Operational metrics include per-key download counts, per-project totals, cooldown violations, and time from payment to first download. Logs are keyed by access key, Snapcharge, and Snapgate identifiers.
In summary, Uhpenry's Download Access model ensures that project artifacts are delivered in a secure, auditable, and revocable way. By leveraging access keys tied to completed Snapcharges and Snapgates, downloads are tightly bound to verified user entitlements, preventing unauthorized access even if URLs or identifiers are exposed.
Access keys act as operational checkpoints, enforcing cooldowns, usage limits, expirations, and revocations, while providing a transparent audit trail for both owners and users. Integrated with Snapcharge and Snapshot verifications, every download request confirms that the underlying entitlement is valid and tamper-evident.
In essence, access keys bridge transactional proof and operational enforcement, allowing Uhpenry to deliver content safely while maintaining accountability, traceability, and flexible owner control over every download.
Note: This guide is living documentation. We welcome contributions and corrections via GitHub or support@uhpenry.com.