Private Podcasts

What is_private: true actually means for your podcast, and exactly how your content is protected.

What private does

Setting a podcast to private removes it from every public surface on FernPod. A private podcast is invisible to anyone who doesn't have your API credentials.

No public website page

The /p/your-slug page returns a 404. No one can browse to your podcast's page or see its episodes listed publicly.

No RSS feed

The /feed/your-slug endpoint returns a 404. Your podcast cannot be submitted to Apple Podcasts, Spotify, or any other directory. It is not discoverable via RSS.

No embed player

The /embed/ endpoints return a 404 for private podcast episodes. No one can embed your audio on their site.

Excluded from sitemap and SEO

Private podcasts are excluded from /sitemap.xml. Search engines will never index your private podcast.

Signed audio and cover URLs

When you fetch episode or podcast data via the API, audio files, cover images, and transcripts are served through time-limited signed URLs that expire after 24 hours. Direct access without a valid signature returns a 403.

How signed URLs work

For private podcasts, FernPod protects your content files (audio, cover art, transcripts) with HMAC-signed URLs. Here's how it works:

  1. 1

    You call the API with your API key or JWT (e.g., GET /podcasts/:id/episodes).

  2. 2

    The API returns audio_url with ?sig=...&exp=... query parameters appended.

  3. 3

    The signed URL works for 24 hours. After that, fetch the episode again to get a fresh signed URL.

  4. 4

    Attempting to access the audio, cover, or transcript URL without a valid signature returns 403 Forbidden.

Example signed URL

https://fernpod.com/audio/a1b2c3/d4e5f6/g7h8i9.mp3?sig=4f2e...a1b3&exp=1711756800

What to know

Signed URLs can be shared

A signed URL is valid for anyone who has it, until it expires. If your AI agent or application passes a signed audio URL to an end user, that user can access the file for up to 24 hours. This is by design — it lets you build private podcast players and apps without proxying audio through your own server.

API access requires authentication

The only way to get a signed URL is through the authenticated API. You need a valid API key or JWT to fetch episode data. There is no public endpoint that reveals signed URLs.

Not DRM

Private podcasts prevent discovery and casual access. They do not prevent a determined user from downloading and redistributing audio once they have access to a signed URL. If you need DRM-level content protection, FernPod's private mode is not sufficient on its own.

At a glance

Surface Public podcast Private podcast
Website page (/p/slug) Visible 404
RSS feed (/feed/slug) Available 404
Embed player Available 404
Sitemap / SEO Indexed Excluded
Audio files Public URL Signed URL (24h)
Cover art Public URL Signed URL (24h)
Transcripts Public URL Signed URL (24h)
API access Auth required Auth required

How to make a podcast private

On create

POST /podcasts
{ "title": "My Private Podcast", "is_private": true }

Toggle later

PATCH /podcasts/:id
{ "is_private": true }   // make private
{ "is_private": false }  // make public

You can also toggle privacy from the dashboard when editing a podcast's settings.