Creating a Signed URL Using the Bintray UI

Creating a Signed URL is now available to you through the Bintray friendly User Interface, from start to end.
If you are new to Signed URLs, you would rather check out this cool feature. Refer to the REST API Guide at URL Signing, and to the Sign me up! blog, discussing generating Signed URL using REST APIs.

Signed URLs are great for handing off a link to a single file download. They allow you to provide a link to download a published file from a private repository to a person that is not even a Bintray user! You are still able to track and monitor downloads volume and the identity of the users.

If you want to share a package or repository, or need to have more fine grained permissions control, take a look at Download Keys and Entitlements.

The scope here is files, hence, the option to generate a signed URL is available in the files view, under ‘Actions’:

Generate Signed URL

Once hitting ‘Generate signed URL’, the following form is opened:

Generate Signed URL Scrrenshot

This is where you wish to provide some extra parameters that make the Signed URL even smarter. All parameters are optional, except to the expiry field that is set to 30 minutes by default. The other parameters are described in the REST API guide.
The URL will be generated once you click ‘Create URL’. The file can be downloaded using curl in command line:

curl –X GET “signed URL” > filename.ext

Or just by copying and pasting the Signed URL into your browser.

Creating a Signed URL has never been easier!

Even more Vagrant love in Bintray

You, of course, know, that for nearly the last two years, you have been downloading your Vagrant software from JFrog Bintray. But recently, Bintray has taken Vagrant support to a whole new level; it is now is a fully fledged Vagrant repository allowing you to distribute your public and private Vagrant boxes from Bintray! As for everything in Bintray, it’s simple and powerful:

Publishing Vagrant Boxes

1. Create a Vagrant repository (if you’re a new user it is likely that you already have a default Vagrant repository named “boxes”):

Create a Vagrant repository

2. Click on “Set Me Up!” and copy/paste the REST command to upload the boxes:

Create a Vagrant repository

Consuming Vagrant Boxes

Follow the “Downloading” section under “Set Me Up!” to configure box resolution for downloading Vagrant boxes, and be able to enjoy automatic box update during ‘vagrant up’ a box either by an explicit call to  ‘vagrant box update’. That’s it, now you can benefit from all the power behind Bintray distribution: CDN, stats, logs, version notifications and more. So give it a try, put a box or two on JFrog Bintray today!

Download stats and logs – now with deep user insights

Ever wondered who exactly downloaded your software? I don’t mean just “someone from the United States.” I’m talking about getting down to the organization level in terms of “someone from Acme Corp. NY office”.

Now you can get this information, from Bintray:
Bintray Live Download Feed

This information is available for any package type for Bintray Premium users, but that’s not all. It is also available, for free, for every OSS package in JCenter!!! This means that if you own a package that is linked to JCenter you already have this information available today!

And not only can you get rich live logs of your downloads, you can retrieve fully parsable logs in CSV or Apache common format! Just use the REST API, or click the preferred log format link:
Bintray Download Logs

Log format options include the Apache-style logs, which can be analyzed by dozens of tools out there, or you can download the logs as CSV files. CSV files are usually easier to understand, and actually contain more data, such as ZIP code, geolocation etc. Download the CSV log and hack on! Or, you can even open it in Excel and show it to your boss:
Bintray Logs in CSV Format
Excel jokes aside, that’s the most powerful downloads analytics one can get and it’s there at your fingertips.

With Live Logs and Download Logs you get much more detail about activity within your repositories. This can be very helpful in analyzing peaks as it provides immediate feedback on the popularity of your software, and how this popularity is distributed by version, geo-location and organization. Naturally, it can also be used to direct you to where you should be focusing your marketing efforts.

It’s time to learn about your users!

Sign me up!

Bintray Premium gives you cool new features such as private repositories, permission management, more storage and so much more. One of the biggest benefits of using a Premium account is the ability to create expirable, signed URLs for your repositories’ content.

Signed URLs you said? What’s that?

A signed URL is an obscure URL with a (potentially) limited lifetime. When your artifacts are published in a private repository, each artifact is hidden from unauthorized Bintray users. If you want to allow any Bintray user, or even or a non-Bintray user to download your package, you can generate a one-time unique URL with an option to limit its validity so that is expires after a certain amount of time. You can also revoke any outstanding URLs at any time.

How does it work?

When you become a premium user in Bintray, your account holds unique, internal, private and public keys. The URL you decide to sign, will be encrypted and decrypted with those keys.

Let’s say user “srubin” has a private repository called “artifactory”.

This private repo contains a file, “artifactory.rar”, that protected from public access. Only authorized users can download it using the standard download link, which is:
https://dl.bintray.com/srubin/artifactory/com/jfrog/artifactorypro/artifactory.rar

Bintray Premium Link Signing

Bintray Premium Link Signing


To allow a one-off download of this file we will generate a signed URL for it using a simple REST call:

curl -XPOST -usrubin:APIKEY "https://api.bintray.com/signed_url/srubin/artifactory/com/jfrog/artifactorypro/artifactory.rar"

Response:

{
"url":"http://dl.bintray.com/srubin/artifactory/com/jfrog/artiafctorypro/artifactory.rar?expiry=1415101346415&signature=BfRaL2HDbCDsPyPThAnlI%2B0TG26NcH4i0ugyKZ%2FjevLiNfEdHXyUh0Q1NNGc1Pz7V1nZkeh9RAafrUyUE%2FMOFQ%3D%3D"
}

By default, this URL will be valid for 24 hours, but we can change that by specifying an expiry time in a simple JSON configuration document:

curl -XPOST -usrubin:APIKEY  -H "Content-Type: application/json"  -d "{\"expiry\":7956915742000}" https://api.bintray.com/signed_url/srubin/artifactory/com/jfrog/artiactorypro/artifactory.rar"

Response:

{
"url":"http://dl.bintray.com/srubin/artifactory/com/jfrog/artiactorypro/artifactory.rar?expiry=7956915742000&signature=g5OC3RXkFhnnFYfsgqFXw9J%2FfmwCzeIsd%2FHCRgm5VjCAhrzij1GPuAv0JwZPhGD0mEqs1y2WcQ77LMrDzp9%3D%3D"
}

More details about this API can be found in our documentation.

Summary

Signed, expirable URLs is a cool new feature of Bintray. It allows you to automate the generation of one-off download URLs and distribute them to any end user.

We will soon extend this feature to make it even cooler. Keep following to see what we have in store for you!

Enjoy Bintray and use it as pain-free gateway to Maven Central

What does it means when some tool or framework has literally dozens of guides, pages long each?maven central dinosaur
It probably means that it is popular, or complicated to use. Usually, both.

That’s the story of Maven Central (a.k.a. Central Repository, a.k.a. repo1, a.k.a. ibiblio). Of course, there is a better alternative nowadays – Bintray is already a super-set of Maven Central, both in terms of UI, UX and content, but Maven Central is still “hardwired” into the super-popular Maven 2. As such, it is being used by many – by Maven users of course, but also by Ivy, and even by Gradle users (those not familiar with Bintray’s ‘jcenter()’ repo yet). That means that you (still) want your package to also end up  there.

But getting it there is painful… *Very* painful.

Maven Central #fail

Click to enjoy the comments 😛

To understand how painful, next time you take a break, here’s a nice old-school text quest.

So, you get the picture. There has to be a better way. Indeed there is. Why don’t you use a proper distribution platform, with easy and intuitive on-boarding, publishing and sharing, with rich near real-time statistics, downloadable logs, packages inclusion, watching and sharing abilities, and much more. You know, Bintray.

Here’s the deal:

First, some simple one-time setup needed to be done.

  1. Register to Bintray and set up auto-signing: Generate yourself a keypair, if you don’t have one. Add it to your profile, and setup your default Maven repo (or a new one) for signing with your GPG key: Bintray can then sign your jars automatically.
  2. Add your Sonatype account under “accounts”. If you don’t have one, follow this procedure (yeah, we know what you are saying when you see it, that’s the last “wtf” in this guide, we promise).
  3. Create and link your package: Import from a GitHub repo or create a new package for your Maven project (multi-module projects can map to a single package). Click on “Add to JCenter” to get your package linked to the largest Java Maven repository on the planet.
  4. Set up Maven up to deploy to Bintray by copy-pasting the pom.xml snippets from “Set me up!” guide, or use the bintray-gradle-plugin.

Now, for each release, it’s easy as 1-2-3:

  1. Deploy: Deploy files to Bintray by running your build tool*.
  2. Publish: Review the build artifacts in Bintray and publish the version files if satisfied. Don’t forget to advertise your new release using a single-click tweet.
  3. Sync: On the version page go to the Maven Central tab (the one with the dinosaur icon on it), enter your Sonatype password and click “Sync” and you’re done! Your package is now in https://oss.sonatype.org/content/repositories/releases and will be synced to Maven Central (and they usually take their time). In case of a sync problem, Bintray will automatically take care of any needed cleanup.

Next, you’ll probably feel the urge to to tweet something like this:

Don’t resist it. You are joining spring, netty, jenkins, joda-time, asciidoctor and many many others that already feel the same way.


* Remember: distribution platform is not for SNAPSHOT-s. Stay tuned for our post about oss.jfrog.org to see how you can get access to a free binary repository with one-click promotion to Bintray.

Increase your package visibility, the social way!

So, your binaries are hosted on Bintray and you are watching your package download stats grow.
It’s time for a boost!
Two great new features online today; they might be small but they are powerful in spreading the word about your packages, or packages you like.

The Latest Download Image

Add a Download Link badge to your GitHub or Bitbucket ReadMe’s using our new Latest Download Image generator.
This will create a badge showing a download button, linking to the latest version of your package.
Currently we support: Markdown and Asciidoc, or plain old HTML.
Latest Version Download Badge

The Version Notification 

Visit any package hosted on Bintray and you will now find a “version notification link” badge that you can copy-paste to your website / blog / email.
Version Notification Link Badge
When your visitors click the badge, Bintray will encourage them to Watch the package, in Bintray’s usual friendly, non-obtrusive kind of way.
 
Watch alert - after clicking a version notification badge
Enjoy…