Access & sharing
Tokens, sessions, and shareable links that don't leak secrets.
By default a node runs open on a trusted local network. For anything beyond that, OneSVD supports a bearer token and an IP allowlist.
Requiring a token#
Set ONESVD_TOKEN (see configuration). The UI then prompts for the token when you connect. Entering it exchanges the token for a session cookie, so the browser stays signed in without the token appearing in URLs.
Shareable links#
File and folder links are authorized by the session cookie, not by a token in the URL. That means you can copy a link to a file — or a folder's zip — and it won't leak your token. Recipients still need access to the node.
IP allowlist#
Set ONESVD_ALLOW_IPS to a comma-separated list to restrict which addresses can reach the node at all. Loopback is always allowed, so local tooling keeps working.
With no token and no allowlist, write endpoints are open to anyone who can reach the port. That's fine on a private machine; lock it down before exposing a node.