Exemplary embodiments are directed to a method for allowing a user at a first client device to provide access to restricted content on a content provider server to a user at a second client device without providing identifying information of the second client device or the user to the content provider. The content provider receives a request from a messaging app on a first client device for sharing of a content item with a second client device and generates a metadata block comprising at least a link to the content item. The metadata block is sent to the first client device and, in response, a public key of a private/public key pair of the second client device is received from the first client device. A request for the content item, is then received and contains a data item digitally signed using the private key of the private/public key pair of the second client device. The public key is then used to verify the digitally signed data item, thereby confirming the identity of the second client device. Thereafter, the requested content item is sent to the second client device.