Skip to main content

2026-03-21 - Important Security Update: Changes to Device Screenshot URLs

info

Effective Date: April 30, 2026

As part of our ongoing commitment to platform security and SOC 2 compliance, we are making a mandatory change to how device screenshot URLs are served through the signageOS API.

What is changing

The uri field returned by the screenshot endpoints will transition from permanent, publicly accessible URLs to short-lived pre-signed URLs that expire within minutes.

Affected endpoints:

  • GET /v1/device/screenshot
  • GET /v1/device/{deviceUid}/screenshot

After this change, screenshot URLs can no longer be stored, cached, or reused at a later time.

warning

Any screenshot URLs currently stored in your databases or caches will stop working on April 30, 2026. The previously permanent URLs will no longer resolve once the migration is complete. You must update your integration to fetch fresh URLs on demand using the new endpoint described below.

New endpoint for on-demand downloads

To support this transition, we are introducing a new endpoint:

GET /v1/device/{deviceUid}/screenshot/{screenshotUid}/file

This endpoint returns an HTTP 302 redirect to a fresh pre-signed download URL each time it is called. If your integration currently stores screenshot URLs for later use, you should instead:

  1. Store the screenshot uid (returned in existing responses)
  2. Call the new endpoint at render time to obtain a fresh, valid download URL
  3. Use the URL immediately — do not persist the redirect target

Why this change is mandatory

  • Strengthening security posture by eliminating publicly accessible storage buckets
  • Achieving SOC 2 compliance requirements for data access controls
  • Remediating a security vulnerability in the current unauthenticated access model

How to prepare

Review your integration code for any logic that stores or caches screenshot uri values for later use. Update those flows to use the new /file endpoint to fetch a fresh URL on demand.

Timeline

MilestoneDate
Feedback & concerns deadlineMarch 31, 2026
Change takes effectApril 30, 2026

We want your feedback

If this change impacts your workflow or you have concerns, please reach out to us before March 31, 2026 via support ticket. We want to ensure a smooth transition and are happy to assist with any migration questions.