Download Security Settings

Configure security settings to protect your digital files while ensuring legitimate customers have smooth access.

Security Settings Overview

Download security protects your digital products from:

❌ Unauthorized sharing - Link sharing prevention ❌ Excessive downloads - Download limit enforcement ❌ Expired access - Time-limited links ❌ IP abuse - IP-based restrictions ❌ Bot scraping - Automated download prevention

Accessing Security Settings

Open Alva Digital Downloads app
Go to Settings → Download Security

Security configuration panel appears

Link Expiry Settings

Download Link Expiration

Setting: How long download links remain valid

Options:

7 days
30 days (default)
60 days
90 days
180 days
365 days (1 year)
Never expire

How It Works

Example (60-day expiry):

Customer purchases: January 1, 2024
Download link created: January 1, 2024
Link expires: March 1, 2024 (60 days later)

Access:
✅ January 1 - March 1: Link works
❌ After March 1: Link shows "Expired"

Choosing the Right Expiry

7 Days:

Use for: Time-sensitive content, one-time events
Example: Webinar recordings, limited workshops

30 Days:

Use for: Standard digital products
Example: eBooks, templates, graphics

60 Days (Recommended):

Use for: Most digital products
Example: Courses, software, media files
Balance: Security + customer convenience

90-180 Days:

Use for: Reference materials, lifetime access products
Example: Comprehensive courses, resource libraries

Never Expire:

Use for: Lifetime access promises
Example: "Buy once, download forever" products
Caution: Less secure, enables link sharing

Customer Communication

Include expiry in:

Download email
Order confirmation
Thank you page
FAQ

Example email text:

Your download link will expire in 60 days from your purchase
date. Please download your files within this timeframe.

Download Count Limits

Maximum Downloads per Order

Setting: How many times customer can download files

Options:

Unlimited (default)
1 download only
3 downloads
5 downloads
10 downloads
Custom number

How It Works

Example (3 downloads limit):

Download 1: ✅ Successful
Download 2: ✅ Successful
Download 3: ✅ Successful (final)
Download 4: ❌ "Download limit reached"

Choosing the Right Limit

Unlimited:

Use for: Customer-friendly approach
Pros: No support tickets, happy customers
Cons: Enables link sharing, less control

1 Download:

Use for: Extremely sensitive content, licenses
Pros: Maximum security
Cons: High support burden, customer frustration
Not recommended for most use cases

3-5 Downloads:

Use for: Most digital products
Pros: Allows device switching, prevents sharing
Cons: Some legitimate use cases limited
Recommended: 5 downloads

10+ Downloads:

Use for: Reference materials, multi-device access
Pros: Very flexible
Cons: Allows some sharing

Exceptions & Support

Customer requests more downloads:

Verify purchase
Check reason (legitimate device change vs. sharing)
Reset download counter manually if appropriate
Document decision

Common legitimate reasons:

Hard drive failure
New computer
Accidental deletion
Download corruption

IP-Based Restrictions

IP Limiting

Setting: Limit downloads per IP address

Options:

No limit (default)
1 IP address only
3 IP addresses
5 IP addresses
10 IP addresses

How It Works

Example (3 IP limit):

Customer downloads from:
1. Home computer (IP: 1.2.3.4) ✅
2. Work computer (IP: 5.6.7.8) ✅
3. Phone (IP: 9.10.11.12) ✅
4. Friend's house (IP: 13.14.15.16) ❌ "IP limit reached"

When to Use IP Limiting

Enable IP limiting if:

High-value digital products ($50+)
History of link sharing abuse
Licensable content (software, templates)
Want to prevent mass distribution

Disable IP limiting if:

Customers frequently travel
Corporate purchases (shared IPs)
Many mobile users (changing IPs)
Low fraud risk

Recommended: 5 IP limit (balances security and flexibility)

IP Limit Issues

Common problems:

Dynamic IPs (ISPs change customer IP daily)
VPN users
Corporate networks (many users, one IP)
Mobile users (IP changes frequently)

Solution: Use higher IP limit (5-10) or disable

Link Security Token

Secure Token Generation

How it works:

Download URL format:
https://yourshop.com/download?key=abc123xyz789

key= Unique, random, secure token
- 32+ character random string
- Impossible to guess
- Unique per order
- Not sequential

Token Security Features

Built-in security:

✅ Cryptographically random
✅ No pattern-based generation
✅ Not based on order ID
✅ One-time generation
✅ Database lookup required

Prevents:

URL guessing
Sequential scanning
Brute force attempts

Advanced Security Options

Setting: Force customer to log in before downloading

Options:

Disabled (default) - Download link works directly
Enabled - Customer must log in to Shopify account

Pros:

Maximum security
Ties download to verified account
Prevents anonymous link sharing

Cons:

Friction for customers
Requires Shopify customer accounts
Not all customers have accounts
May reduce conversions

Recommended: Disable unless selling very high-value products (>$200)

Download Page Verification

Setting: Show verification step before download

Options:

Disabled - Direct download
Enabled - Verify email or order number first

Example verification:

Before downloading, please confirm:
Email: john@example.com
Order: #1045

[Confirm and Download]

Use for:

Extra security layer
Track who downloads
Prevent automated scraping

Rate Limiting

Setting: Limit download speed to prevent abuse

Options:

No limit - Full speed download
Throttled - Limited bandwidth per download

Example:

Unlimited: 10 MB/s (fast)
Throttled: 1 MB/s (slower but prevents mass downloading)

Use for:

Prevent bandwidth abuse
Limit simultaneous downloads
Reduce server load

Recommended: No limit (better customer experience)

Security Monitoring

Download Activity Tracking

Automatic tracking:

Download timestamp
Customer IP address
User agent (browser/device)
File downloaded
Download number (1st, 2nd, 3rd, etc.)
Success/failure status

Viewing Download Logs

Go to Analytics → Download Logs
Filter by:
- Customer
- Order
- Date range
- File
- IP address

Look for suspicious activity:

Many downloads from different IPs quickly
Downloads from unusual locations
Failed download attempts (limit reached)
Automated patterns (bot-like behavior)

Alerts & Notifications

Configure alerts for:

Download limit reached (potential sharing)
Multiple IPs accessing same order
Unusual download volume
Failed security checks

Alert methods:

Email notification to merchant
Dashboard notification
SMS alert (if configured)
Slack notification (via integration)

Security Recommendations by Product Type

Standard Digital Products ($10-50)

Settings:

Link Expiry: 60 days
Download Limit: 5 downloads
IP Limit: No limit
Login Required: Disabled
Rate Limiting: Disabled

Reasoning: Balance security and customer experience

High-Value Products ($50-200)

Settings:

Link Expiry: 90 days
Download Limit: 3 downloads
IP Limit: 5 IPs
Login Required: Disabled (optional: enabled)
Rate Limiting: Disabled

Reasoning: Tighter security for valuable content

Premium/Enterprise Products ($200+)

Settings:

Link Expiry: 180 days or custom
Download Limit: 3 downloads (reset on request)
IP Limit: 3 IPs
Login Required: Enabled
Rate Limiting: Enabled
Additional: Watermarking, licensing

Reasoning: Maximum security for high-value content

Lifetime Access Products

Settings:

Link Expiry: Never (or 365 days with auto-renewal)
Download Limit: Unlimited or high (20+)
IP Limit: 10 IPs
Login Required: Optional
Rate Limiting: Disabled

Reasoning: Fulfill lifetime access promise while maintaining some security

Testing Security Settings

Test Before Going Live

Test checklist:

Download link works
Expiry works correctly (test with short expiry like 1 minute)
Download counter increments
Download limit enforced
IP limit works (test from different devices)
Expired link shows appropriate message
Limit reached shows appropriate message
Customer experience is smooth

Test with Sample Orders

Create test order in Shopify
Mark as paid
Get download link from email
Test various scenarios:
- Normal download
- Multiple downloads
- Different devices/IPs
- After expiry (if possible)

Troubleshooting Security Issues

Issue: Links Expiring Too Soon

Problem:

Customers complain links expired
Set to 7-30 days, not enough time

Solution:

Review typical customer download behavior
Extend expiry to 60-90 days
Consider customer communication (remind before expiry)
Manually extend expired links for legitimate requests

Issue: Download Limit Reached (Legitimate Customer)

Problem:

Customer hit download limit
Reason: Device failure, re-download needed

Solution:

Verify customer purchase
Reset download counter:
- Go to Orders → Find order
- Click “Reset Download Count”
- Notify customer
Document reason

Issue: IP Limit Blocking Legitimate Use

Problem:

Corporate customer (shared IP)
Mobile user (dynamic IP)
VPN user

Solution:

Increase IP limit to 10-15
OR disable IP limiting
Rely on download count limit instead
Whitelist specific customers

Issue: Links Not Secure (HTTP instead of HTTPS)

Problem:

Download links use HTTP not HTTPS
Security warning in browsers

Solution:

Ensure SSL certificate installed on store
Verify Cloudflare/CDN settings
Check app configuration
Contact support if persists

Best Practices

1. Start Lenient, Tighten if Needed

Initial settings:

60-day expiry
5 download limit
No IP limit

Monitor for 30 days:

Check for abuse
Customer feedback
Support ticket volume

Adjust if needed:

Tighten if seeing abuse
Loosen if too many support requests

2. Communicate Clearly

Tell customers:

Link expiry timeframe
Download limit
Where to get help if issues

In download email:

Important: Download your files within 60 days.
You can download up to 5 times.
Need help? Email support@shop.com

3. Monitor Download Logs

Weekly review:

Unusual patterns
Abuse attempts
Security breaches
Customer issues

Monthly report:

Total downloads
Average downloads per order
Expired links
Limit-reached incidents

4. Balance Security and Experience

Too strict:

Frustrated legitimate customers
High support burden
Negative reviews

Too lenient:

Link sharing
Revenue loss
No control

Sweet spot:

60-day expiry + 5 download limit + No IP limit
= Secure enough + Customer-friendly

5. Document Exceptions

When resetting limits:

Record customer name/order
Note reason
Track frequency
Identify patterns

Benefits:

Consistency
Identify repeat requesters (potential abuse)
Policy refinement

Next Steps

Understanding Download Links - How download links work
Tracking Downloads - Monitor download activity
Troubleshooting Download Issues - Solve common problems

Download Security Settings

Security Settings Overview

Accessing Security Settings

Link Expiry Settings

Download Link Expiration

How It Works

Choosing the Right Expiry

Customer Communication

Download Count Limits

Maximum Downloads per Order

How It Works

Choosing the Right Limit

Exceptions & Support

IP-Based Restrictions

IP Limiting

How It Works

When to Use IP Limiting

IP Limit Issues

Link Security Token

Secure Token Generation

Token Security Features

Advanced Security Options

Require Customer Login

Download Page Verification

Rate Limiting

Security Monitoring

Download Activity Tracking

Viewing Download Logs

Alerts & Notifications

Security Recommendations by Product Type

Standard Digital Products ($10-50)

High-Value Products ($50-200)

Premium/Enterprise Products ($200+)

Lifetime Access Products

Testing Security Settings

Test Before Going Live

Test with Sample Orders

Troubleshooting Security Issues

Issue: Links Expiring Too Soon

Issue: Download Limit Reached (Legitimate Customer)

Issue: IP Limit Blocking Legitimate Use

Issue: Links Not Secure (HTTP instead of HTTPS)

Best Practices

1. Start Lenient, Tighten if Needed

2. Communicate Clearly

3. Monitor Download Logs

4. Balance Security and Experience

5. Document Exceptions

Next Steps