How to Create a Password-Protected Upload Widget
Learn how to add password protection to your DriveWidget upload page. Control who can upload files with a simple password gate.
Why Password-Protect Your Upload Widget?
Public upload widgets are great for convenience, but sometimes you need a middle ground between "open to everyone" and "requires an API key." Password protection lets you:
- Share with a specific group — Give the password to clients, team members, or students
- Prevent unauthorized uploads — Stop random visitors from uploading files
- Rotate access — Change the password when someone leaves the project
- Simple access control — No user accounts or API keys needed
How It Works
When password protection is enabled, visitors see a password prompt before the upload form:
- Visitor opens the upload page (
/u/your-slug) - They see a clean password entry screen
- After entering the correct password, the upload form appears
- The session is remembered — they don't need to re-enter the password for subsequent uploads
Setting Up Password Protection
Step 1: Create or Edit a Widget
- Open your Dashboard
- Navigate to your connection
- Go to the Widgets tab
- Click Edit on the widget you want to protect
Step 2: Enable Password Protection
- Go to the Sharing tab
- Toggle Password Protection on
- Enter a password in the field that appears
- Make sure Public Upload is also enabled (password protection works with public widgets)
- Click Save Changes
Step 3: Share the Link
Share the upload page URL with your intended audience, along with the password:
Upload your files here: https://api.drivewidget.com/u/client-uploads
Password: project2026
Password Protection + Other Security
Password protection works alongside other security features:
| Combination | Use Case |
|---|---|
| Password + File type restriction | Client sends only PDFs and images |
| Password + Max file size | Prevent large file abuse |
| Password + CAPTCHA | Extra bot protection |
| Password + Custom slug | Clean, branded URL |
| Password + Webhooks | Get notified when client uploads |
| Password + Form fields | Collect name/email with the upload |
Best Practices
Choose Strong but Shareable Passwords
The password should be strong enough to prevent guessing but easy enough to share with clients:
- Good:
acme-project-2026,client-upload-feb - Bad:
password123,upload - Overkill:
x7$kL9#mP2@qR5(hard to communicate)
Rotate Passwords Regularly
Change the password when:
- A project phase ends
- A team member leaves
- You suspect the password has been shared too broadly
To change the password:
- Edit the widget → Sharing tab
- Enter a new password
- Save Changes
- Notify authorized users of the new password
Combine with Custom URL Slugs
Make your upload page look professional:
https://api.drivewidget.com/u/acme-brand-assets
Password: acme2026
This is much better than sharing a generic widget embed URL.
Common Questions
Can I set different passwords for different widgets?
Yes! Each widget has its own password. You can have:
/u/client-a-uploadswith passwordclientA2026/u/client-b-uploadswith passwordclientB2026
Does the password expire?
No. Passwords remain active until you change them or disable password protection.
Can I see who entered the password?
Currently, DriveWidget tracks uploads (file name, size, timestamp, form data) but not password entry events. If you need to track who is uploading, add a Name and Email form field to your widget.
What happens if someone enters the wrong password?
They see an error message and can try again. There's no lockout mechanism — the rate limiter handles brute-force protection.
Try It Now
Set up a password-protected upload page in under 2 minutes:
- Sign up free
- Connect your Google Drive
- Create a widget with a custom slug
- Enable password protection
- Share the link + password with your clients
Ready to collect files?
Start using DriveWidget for free. No credit card required.