Digital products in Medusa – how the platform handles downloads and protected files

Selling digital goods looks simple on the surface, but most e-commerce engines reveal their limitations as soon as you add expiring links, secure storage, or multiple delivery channels. Medusa takes a different path: instead of forcing one rigid definition of a “digital product,” it gives developers full control over how files are stored, accessed, delivered and protected.

While Medusa doesn’t include a native digital-product model, it provides all the building blocks to implement one cleanly - private file storage, controlled download URLs, and an event system that can trigger notifications once an order is paid. This is exactly the type of flexibility that composable commerce requires.

How Medusa handles digital content at the platform level

Medusa treats digital assets as secure resources stored outside of the storefront and served only to authorized users. Because files never live directly in the repository, they can be delivered through storage engines such as Amazon S3 or MinIO, and exposed through signed URLs with precise expiration rules.

This gives developers predictable control over:

• how long a link remains active,
• how many times a customer can download a file,
• which orders should receive access,
• what happens when a link expires or must be regenerated.

The mechanism is simple: Medusa stores metadata for the item and generates expiring download links only after the order reaches a defined state (usually “completed”). The file itself remains completely private.

Creating digital products in Medusa - what changes in the data model?

There is no separate “digital product” entity inside Medusa, so each implementation depends on your use case. The most common pattern is extending the product or variant with fields such as:

• a private storage key (path to S3/MinIO object),
• file type or size,
• the number of allowed downloads,
• an expiry window (hours, days, weeks).

By storing only metadata in Medusa and the actual asset in secure storage, you avoid coupling business logic with file management. This keeps the system clean and prevents issues when migrating to another cloud provider or adding additional delivery channels.

For development teams, this approach reduces overhead - you can evolve the digital-delivery logic without touching product-catalog functionality.

File storage for digital products - choosing between S3 and MinIO

Medusa supports multiple storage backends through plugins. Two solutions dominate digital-product workflows:

Amazon S3 – reliable cloud storage for production

S3 offers durability, global distribution and predictable performance. For stores selling high volumes of downloads or operating internationally, S3 ensures:

• private file buckets accessible only via signed URLs,
• region-based selection for lower latency,
• compatibility with CDN layers for faster delivery,
• native lifecycle rules to control file archiving or cleanup.

MinIO – local, self-hosted alternative compatible with S3

MinIO behaves like S3 but can run anywhere - in Docker, Kubernetes, or a private datacenter. This is ideal if:

• you need full control over infrastructure,
• the project must avoid cloud-vendor lock-in,
• data residency or compliance requires on-prem storage,
• CI environments need a lightweight S3-compatible backend.

The Medusa S3 plugin works with both engines. Switching between them rarely requires code changes, which is crucial for long-term maintainability.

Generating secure download links in Medusa

After a successful order, Medusa’s workflow engine can trigger a download-delivery step. Most teams rely on one of two patterns:

Short-lived signed URLs

Medusa calls the storage backend to create an expiring link that grants temporary access. Customers receive it via e-mail or through their account dashboard. This ensures that:

• files are never publicly exposed,
• links automatically invalidate after a set period,
• access is tied to real purchase events.

Regenerate-on-demand links

Some businesses prefer regenerating a fresh link every time the customer requests a download. Medusa’s event layer makes that trivial - the handler checks order status, validates customer identity and generates a new signed URL.

In both approaches, Medusa stays responsible for the business rules, while S3/MinIO handles secure delivery.

Integrating digital product delivery with Medusa’s notification system

The notification system ties the entire workflow together. Once a purchase is completed, Medusa can trigger a notification provider - such as Email, SendGrid, Mailgun, or a custom service - to deliver the download link.

A typical flow looks like this:

1. Payment succeeds and the order transitions to the “completed” state.
2. A Medusa event fires (e.g., order.completed).
3. A subscriber generates the signed URL.
4. The notification provider receives the URL and places it inside a message template.
5. The customer receives a secure download link with an expiration timer.

This flow is clean, auditable and decoupled - each step can be tested or replaced independently.

Delivering multiple files or multi-asset products

Many digital products include more than one file. A course may include audio, video and PDFs; a software license may ship binaries and documentation; an e-book platform may deliver multiple formats.

Medusa supports this through structured metadata or by creating multiple digital-asset records per variant. Each asset can have its own:

• storage path,
• signing rule,
• expiration period,
• delivery logic.

Because each file is managed independently, updates to one component never break access to the others.

FAQ – common questions about digital products in Medusa

Does Medusa support digital products natively?
Not as a separate product type, but the platform provides all required components - secure storage, signed URLs, metadata fields and event hooks - to implement them cleanly.

Why store files on S3 or MinIO instead of Medusa itself?
Digital files should never live in the backend repository. Storing them externally improves security, reduces server load and lets you scale independently of Medusa.

Are download links permanent?
No. Links should be generated as short-lived signed URLs. Customers can receive new ones through notifications or via their account dashboard.

Can digital products have download limits?
Yes. Since the rules live in custom logic, you can track how many times a link has been used, or disable downloads once a limit is reached.

Does this approach work with mobile apps or PWAs?
Yes. Medusa exposes the same logic through API routes, so any frontend - web, app or kiosk - can request secure downloads.

Implementing digital products in Medusa - why it works

Medusa’s strength lies in its modular, event-driven design. Instead of forcing a fixed structure, it gives developers freedom to build digital-delivery workflows tailored to the business:

• files stay secure and private,
• download links expire automatically,
• notifications run independently,
• storage can be swapped without code rewrites,
• the model scales naturally across regions and channels.

Teams avoid the rigidity of monolithic platforms and the complexity of custom-built digital-delivery solutions.

Need help implementing digital products on Medusa?

The U11d team designs, builds and audits Medusa-based architectures - including secure digital-product pipelines, S3/MinIO storage layers, download workflows and notification systems. If you’re planning to introduce digital products or migrate from a legacy engine, we can help you build a clean, scalable implementation.