I want to share a URL for users outside our team to download our datasets. When downloading a particular version, there are three options (Jupyter, Terminal, Raw URL). The Jupyter one has what is obviously an API key which is refactored visually. All options have a warning at the bottom
Warning: Do not share this snippet beyond your team, it contains a private key that is tied to your Roboflow account. Acceptable use policy applies.
the Raw URL option has a “key” in the URL. Is this also something specific to our team or something we can publicly share? e.g. https://universe.roboflow.com/ds/[some_hash]?key=[some_key]
I’m guessing this is just an error in the GUI and this warning only applies to the API key shown in the Jupyter code, but looking for confirmation before pasting the raw url somewhere.
I want to be careful how I reply due to it being very important to get the answer right, but when i read through Export Versions | Roboflow Docs I found where it addresses this:
curl and python are unsafe, but no mention of Raw URL
And because there is no visual filter on the raw URL snippet either, I am going to assume that its safe, but I would wait for the team to confirm that with you. I just saw your post and wanted to see if I could recommend my other method in the mean time:
This should take the user to the dataset page where they can download it right after they log in, and its a easy way for them to visualize the dataset before they download it too! Seems like a better solution to me if it fits into your use case.
Thanks for your reply @Hunter-Lanier but if you look closely at the curl vs raw url commands, they contain the same url. The curl command just uses curl to download and unzip the file at the url given in raw url.
The alternative method you mention is fine for sharing with others sometimes, but I was more interested in setting up some automated way to download a new dataset onto huggingface so we can host there as well. I think I’ll just end up storing the API key in some keychain rather than worry about this, but I also noticed the “key” in the url is not the same as the API key, and it changes for every dataset version, so it appears to at least appear to be a fine-grained token for access only to that dataset, so I’m still guessing its fine to share, but I’ll err on the side of caution until otherwise corrected.
