Public Access Controls

This feature is available on these plans:

✔️ Growing only for Password Auth
✔️ Scaling ✔️ Enterprise
By default a public Space does not have any authentication method, but you can choose and set a few:
Space-wide password;
Guest accounts, where you manually create email + password combos and distribute them to your users;
Magic Links, where you enter specific emails or entire domains, and users will authenticate using a link that we send to their email address;
Private Links, where you can generate private links and share them with your users and teams. Manage access control per user group via links;
JWT, where your dev team generates a JWT with a secret key you provide in our UI, then pass it back to us as part of a link. This is the easiest to manage, but you will require developer time.
None
The default behaviour is set as None, meaning it is available publicly. You can change to controls to limit the access for readers.
Everyone with the link will be able to read content.
Links are safe to share because they are cryptographically generated and unguessable.
﻿
When you want to gate the contents to specific readers, try any of the options below.
Here is the breakdown of each control by each subscription plan:
Growing
Scaling
Enterprise
Password
Password 
Password
﻿
Guest Accounts
Guest Accounts
﻿
Magic Link
Magic Link
﻿
JWT authentication
JWT authentication
﻿
Guest Accounts
Create guest accounts. Everyone with the link and a guest account will be able to read the content. Guest accounts are not charged as seats in Archbee.
﻿
﻿
Magic Link
Users will be able to authenticate to your space with their email address if you add their email address or their email domain to the list below.
Everyone with the link and a matched account will be able to read the content. Accounts are not charged as seats in Archbee.
﻿
﻿
Private links
Generate Private links for specific user groups/teams. Each user group/team will have their own link to the same documentation and you can manage access control via this links. You need to cut access for team 1? Delete the private link associated with team 1.
﻿
﻿
﻿
How JWT works
JWT visitor authentication
Go to the Spaces settings, and set a JWT secret key that you generate on your server
﻿
﻿
Use one of the examples below to generate the JWT token.
You also need to replace the URL with the subdomain of your documentation site.
Node.js
|
const sign = require('jsonwebtoken').sign;

exports.buildArchbeeLoginURL = function() {
  // Optional user credentials that you want to send back to Archbee
  const user = {
    name: 'John',
    email: 'Wick',
  };
  //create a signed token out of the user credentials with the
  //secret you set in Archbee
  const jwtToken = sign(user, '<archbeeJwtSecret>');
  //yourdomain is set in the Custom Domain tab
  const archbeeUrl = 'https://yourdomain.com';
 
  //create the complete URL containing the signed token that you'll send back to Archbee
  return `${archbeeUrl}?jwt=${jwtToken}&reload`;
};
const sign = require('jsonwebtoken').sign;

exports.buildArchbeeLoginURL = function() {
  // Optional user credentials that you want to send back to Archbee
  const user = {
    name: 'John',
    email: 'Wick',
  };
  //create a signed token out of the user credentials with the
  //secret you set in Archbee
  const jwtToken = sign(user, '<archbeeJwtSecret>');
  //yourdomain is set in the Custom Domain tab
  const archbeeUrl = 'https://yourdomain.com';
 
  //create the complete URL containing the signed token that you'll send back to Archbee
  return `${archbeeUrl}?jwt=${jwtToken}&reload`;
};
﻿
Here is an example to generate a JWT token with .NET: https://github.com/dragosbulugean/archbee-jwt-dotnet﻿
JS
|
using JWT;
using JWT.Algorithms;
using JWT.Serializers;

var payload = new Dictionary<string, object>
{
    { "name", "John Wick" },
    { "email", "john.wick@matrix.com" }
};
const string secret = "TW9zaGVFcmV6UHJpdmF0ZUtleQ";

IJwtAlgorithm algorithm = new HMACSHA256Algorithm(); // symmetric
IJsonSerializer serializer = new JsonNetSerializer();
IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
IJwtEncoder encoder = new JwtEncoder(algorithm, serializer, urlEncoder);

var jwtToken = encoder.Encode(payload, secret);
var archbeeLink = $"https://docs.yourcompany.com/?jwt={jwtToken}&reload";

Console.WriteLine($"JWT Token: {jwtToken}");
Console.WriteLine($"Archbee Link: {archbeeLink}");
using JWT;
using JWT.Algorithms;
using JWT.Serializers;

var payload = new Dictionary<string, object>
{
    { "name", "John Wick" },
    { "email", "john.wick@matrix.com" }
};
const string secret = "TW9zaGVFcmV6UHJpdmF0ZUtleQ";

IJwtAlgorithm algorithm = new HMACSHA256Algorithm(); // symmetric
IJsonSerializer serializer = new JsonNetSerializer();
IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder();
IJwtEncoder encoder = new JwtEncoder(algorithm, serializer, urlEncoder);

var jwtToken = encoder.Encode(payload, secret);
var archbeeLink = $"https://docs.yourcompany.com/?jwt={jwtToken}&reload";

Console.WriteLine($"JWT Token: {jwtToken}");
Console.WriteLine($"Archbee Link: {archbeeLink}");
﻿
JWT tokens are bypassed on Preview/Staging
﻿