Download & Access
Once you own a module, you can download its source files. CodeSCE protects those downloads so that only you — signed in and on your own session — can retrieve them, and so that a link can't be reused or shared.
Signed download links
Every time you start a download, CodeSCE issues a fresh signed link for that specific download. The link is:
- Bound to your account — it only works for the user who requested it.
- Bound to the module — it can't be pointed at anything you don't own.
- Bound to your network — it's tied to the IP address it was issued to.
On top of the signed link, the actual download still requires a valid session and a live ownership check — the server re-verifies that you own the module on every request, not just at purchase time.
One-time secure access
Each signed link is single-use. The moment it's used to begin a transfer, it's consumed and can't be used again. When you click Download again, the app quietly requests a brand-new link — you never reuse an old one.
This makes replay impossible: even a captured link can't be "played back" to pull the file a second time.
Expiration behavior
Signed links are very short-lived — up to 60 seconds. They're designed to be requested and used immediately, so there's never a long-lived URL floating around.
Why so short?
The link is generated at the instant you click Download and used right away. A 60-second window is plenty for the transfer to start, while leaving effectively no time for a link to be intercepted and abused.
Why a leaked link is useless
Put together, the protections mean a shared or intercepted link does an attacker no good:
- It expires within a minute.
- It's already consumed after its single use.
- It only works from the original IP, and only with the original owner's signed-in session — which a third party doesn't have.
So even in the worst case, the link is worthless to anyone but you.
Next step
Got the files? Learn how to set them up in Using a Module →.