Skip to content

Restricting HubSpot files to private pages

Private File Locker lets you lock down access to files you make available in your AllianceHub portal, so only logged in users can access them. This module is included with AllianceHub.

HubSpot private files

When you set a file URL visibility of Private for files uploaded to HubSpot file manager, they are inaccessible to anyone outside of your HubSpot instance, unless you share a temporary link. HubSpot makes that link available for 24 hours, by default. Once the link expires, the file is no longer available at that URL.

HubSpot private files

Private File Locker generates a locker link: a time-restricted encrypted link to a private file, which expires after 15 minutes.

Using Private File Locker

Private File Locker is a module that can be inserted on a page, blog post or other content type such as a knowledge base article.

To use it, you'll need to know the file ID of the file you want to link to. Visit this HubSpot knowledge base article to learn how to find the file ID.

Add Private File Locker by clicking the plus icon at top left of your page menu. Navigate to Private File Locker in the modules section, and drag it to your desired location.

Pro tip: use the search bar to filter the modules, to avoid scrolling.


When the module content displays, enter the text for your link, e.g. the file name, or a call to action, and the private file ID.


Click Apply and the module will appear on your page, along with the time at which the link will expire. The time displayed is local time, based on the date and time settings of the device it's being displayed on.

Private file locker on page

A new encrypted link will be generated every time the page loads.

Once the link expires, it will return a standard 404 - not found error message, generated by HubSpot.

Things to know

If a user accesses the encrypted link, their browser cache will remember it (dependent on their cache settings). As a result, an individual user maybe able to access the link again within the same session, beyond its expiry, if they have not navigated away from the page.

Setting up an idle session timeout for your AllianceHub partner portal will ensure that users are automatically logged out following a period of inactivity. We recommend setting this period to 15 minutes to match the expiry of the locker link.

Links are generated individually for each page load, so every user will have a different encrypted link.

The locker link validity of 15 minutes can be changed – this requires some development knowledge.