All articles
Security4 min read

Secure Document Sharing with Signed URLs for Brokers

CRMandGo Team · 6 April 2026

When a broker needs to share a client document, a valuation report, a pre-approval letter, or a settlement statement, the last thing they should do is send a permanent link to the file's storage location. Signed URLs solve this by generating a temporary, authenticated link that expires after a set period. The recipient can view or download the document, but the link becomes useless after expiry.

How signed URLs work

A signed URL is generated by the CRM server, cryptographically signed with a key that proves the request is authorised. The URL includes an expiry timestamp, typically 15 minutes to 24 hours depending on the use case. During that window, anyone with the link can access the document. After expiry, the link returns an error. No storage paths, no bucket names, no infrastructure details are ever exposed.

Why this matters for compliance

Permanent document links are a security liability. If a link is forwarded, leaked, or stored in an email thread indefinitely, anyone who encounters it can access the document forever. Signed URLs limit the exposure window, even if the link is forwarded, it stops working after expiry. This aligns with APP 11's requirement to take reasonable steps to protect personal information.

Signed URLs in practice

In a well-designed CRM, signed URLs are invisible to the user. A broker clicks 'View document' and the CRM generates a signed URL behind the scenes. A client accessing their deal room gets signed URLs for every document download. The security happens automatically, without anyone thinking about it, which is exactly how security should work.

Frequently asked questions

What if a signed URL expires while someone is downloading?
Once a download has started, it completes regardless of URL expiry. The expiry only prevents new access requests after the time limit. For viewing in-browser, the document loads fully before the URL expires for typical file sizes.
Can signed URLs be revoked before they expire?
Individual signed URLs cannot be revoked, but the signing key can be rotated, which invalidates all outstanding URLs immediately. This is an emergency measure for security incidents, not routine use. Standard practice is to set short expiry times (15-60 minutes) so links expire quickly by default.

Ready to see it in action?

CRMandGo is built for Australian brokers. Start your free trial, no credit card, no lock-in.

Start free trial