Signed URLs that delete themselves after one download.
S3 and R2 presigned URLs leak: anyone who gets the link can replay it until it
expires. Our API issues single-use links that die on first download, strip
metadata server-side, and take a password and TTL as plain parameters.
One POST, one link, gone after one GET.
curl https://apis.bneck.com/api/v1/sends \
-H "Authorization: Bearer bn_xxx" \
-F [email protected] \
-F max_uses=1 \
-F expires_in=3600 \
-F password=hunter2
→ returns { url, id, max_uses, expires_at, metadata_stripped, credits_charged }.
After the first download (or when expires_in elapses) the link returns 410 Gone.
What S3 presigned URLs can't do
· Single-use, enforced server-side - set max_uses=1 and the link is dead the
instant the first download completes. No Lambda, no edge function, no counter
to build. One field.
· Metadata stripped before download - EXIF/GPS from images, document metadata
from PDFs, removed on upload. Returned as metadata_stripped:true.
· Password + expiry are just parameters - "one person, one download, in the
next hour, only if they know the word." The combination is the product.
· Prepaid credits - buy up front, credits_charged on every response, no metered
surprise invoice.
Send a file that opens once, then disappears.
Get a link that works for a single download. Add a password, set an expiry,
and we scrub hidden metadata (location, device, author) out before the file
ever leaves our server.
Opens once, then it's gone
Share something sensitive without it living in an inbox forever. The link works
for a single download - then it's gone, and the file is deleted from our server.
Lock it with a password and a clock
Set a password only the right person knows, and an expiry so the link can't sit
around. A leaked link with no password and no deadline is just a public file.
Hidden metadata stripped - and we never train AI on your files
Photos and documents carry hidden data: where it was taken, what device, who
made it. We strip that out before delivery. Your files are used to do exactly
one thing - deliver them to your recipient - then deleted.
Every transfer is tied to a verified sender, carries a report-abuse path, and
blocks executable file types. We strip metadata on our servers, so this is not
anonymous or zero-knowledge delivery - it's safe, accountable delivery.
Free tools: remove EXIF · strip PDF metadata · remove GPS
Guides: all articles · API docs
Terms · Acceptable Use · Abuse & Takedown · Privacy
bottleneck (bneck) is a developer API and toolset to send files securely: single-use and
expiring signed download links and server-side metadata stripping. If you searched for the
bneck api, the bottleneck api, or secure file transfer - you're in the right place.
Looking for short links / link shortening? That's bneck.com.