Public vs Private Widget Uploads — When to Use Each
Understand the difference between public and private upload widgets in DriveWidget. Learn when to use each mode and how to configure them.
Two Ways to Accept File Uploads
Every DriveWidget upload widget has two access modes: Public and Private. Choosing the right one depends on who needs to upload files and how you're distributing the upload link.
Public Uploads
Public widgets allow anyone with the link to upload files — no API key, no login, no authentication required.
When to Use Public Uploads
- Client file collection — Share a link with clients to send logos, contracts, or assets
- Event photo collection — Create a QR code that guests scan to upload photos
- Job applications — Accept resumes from candidates on your careers page
- Student assignments — Let students submit work without needing an account
- Contact forms with attachments — Embed on your website for anyone to use
How to Enable Public Uploads
- Go to your Dashboard and open a connection
- Click the Widgets tab
- Click Edit on your widget
- Go to the Sharing tab
- Toggle Public Upload on
- Optionally set a Custom URL Slug (e.g.,
client-uploads) - Click Save Changes
Your widget is now accessible at:
https://api.drivewidget.com/u/your-custom-slug
Public Upload Security
Even though public uploads don't require authentication, they're not unprotected:
| Protection | How It Works |
|---|---|
| Rate limiting | Prevents abuse with per-IP request limits |
| File type validation | Only allow specific file types (PDF, images, etc.) |
| File size limits | Enforce max upload size per your plan |
| CAPTCHA | Optional Cloudflare Turnstile integration |
| Password protection | Add a password gate before the upload page |
Private Uploads
Private widgets require an API key to upload files. The widget itself is only accessible to authenticated users.
When to Use Private Uploads
- Internal tools — Your team uploads files through a dashboard you built
- SaaS integrations — Your app uploads files on behalf of users
- Automated workflows — Scripts or bots that upload files programmatically
- Sensitive documents — When you need to control exactly who can upload
How Private Uploads Work
Private widgets use the embed URL with an API key:
<iframe
src="https://api.drivewidget.com/widget/YOUR_WIDGET_ID/embed"
width="100%"
height="300"
frameborder="0"
></iframe>
For API-based uploads, include your API key in the header:
curl -X POST https://api.drivewidget.com/v1/YOUR_CONNECTION_ID/upload \
-H "X-API-Key: your-api-key" \
-F "file=@document.pdf"
Quick Comparison
| Feature | Public | Private |
|---|---|---|
| Authentication required | No | Yes (API key) |
| Shareable link | Yes (/u/slug) | No |
| QR code support | Yes | No |
| Best for | External users | Internal/API use |
| Rate limiting | Automatic | API key based |
| Social sharing buttons | Yes | No |
| Embed on any website | Yes | Yes (with API key) |
| "Powered by DriveWidget" badge | Yes (free tier) | Yes (free tier) |
Best Practice: Start Public, Add Security as Needed
For most use cases, start with a public widget and add security layers:
- Public + file type restriction — Good for most client-facing use cases
- Public + password protection — When you want a simple access gate
- Public + CAPTCHA — When you expect high traffic or potential abuse
- Private + API key — When you need full programmatic control
Try It Now
Create a free account and set up your first upload widget in under 2 minutes:
Ready to collect files?
Start using DriveWidget for free. No credit card required.