diff --git a/src/@types/commands.ts b/src/@types/commands.ts
index de4d99278..7a9980f77 100644
--- a/src/@types/commands.ts
+++ b/src/@types/commands.ts
@@ -60,6 +60,7 @@ export interface DownloadCommand extends Command {
   signature: string
   aes_encrypted_key?: string // if not present it means download without encryption
   policyServer?: PolicyServerTask // object to pass to policy server
+  userData?: Record<string, any>
 }
 
 export interface FileInfoCommand extends Command {
diff --git a/src/components/core/handler/downloadHandler.ts b/src/components/core/handler/downloadHandler.ts
index 2c8846448..7197d4bb3 100644
--- a/src/components/core/handler/downloadHandler.ts
+++ b/src/components/core/handler/downloadHandler.ts
@@ -511,6 +511,18 @@ export class DownloadHandler extends CommandHandler {
         decriptedFileObject = decryptedFileData.files[task.fileIndex]
       }
 
+      CORE_LOGGER.info('Decrypted file object: ' + JSON.stringify(decriptedFileObject))
+      if (decriptedFileObject?.url && task.userData) {
+        const url = new URL(decriptedFileObject.url)
+        const userDataObj =
+          typeof task.userData === 'string' ? JSON.parse(task.userData) : task.userData
+        for (const [key, value] of Object.entries(userDataObj)) {
+          url.searchParams.append(key, String(value))
+        }
+        decriptedFileObject.url = url.toString()
+        CORE_LOGGER.info('Appended userData to file url: ' + decriptedFileObject.url)
+      }
+
       if (!validateFilesStructure(ddo, service, decryptedFileData)) {
         CORE_LOGGER.error(
           'Unauthorized download operation. Decrypted "nftAddress" and "datatokenAddress" do not match the original DDO'
diff --git a/src/components/httpRoutes/provider.ts b/src/components/httpRoutes/provider.ts
index 0c857bac8..0c7649242 100644
--- a/src/components/httpRoutes/provider.ts
+++ b/src/components/httpRoutes/provider.ts
@@ -209,9 +209,21 @@ providerRoutes.get(
         transferTxId,
         nonce,
         consumerAddress,
-        signature
+        signature,
+        userdata
       } = req.query
 
+      let parsedUserData: any = null
+      if (userdata) {
+        try {
+          parsedUserData = JSON.parse(userdata as string)
+        } catch (e) {
+          // Log error but don't block request if userdata is malformed
+          HTTP_LOGGER.logMessage(`Invalid userdata JSON: ${userdata}`, true)
+          parsedUserData = null
+        }
+      }
+
       const downloadTask: DownloadCommand = {
         fileIndex: Number(fileIndex),
         documentId: documentId as string,
@@ -222,7 +234,8 @@ providerRoutes.get(
         signature: signature as string,
         command: PROTOCOL_COMMANDS.DOWNLOAD,
         policyServer: (req.query.policyServer as any) || null,
-        authorization: authorization as string
+        authorization: authorization as string,
+        userData: parsedUserData
       }
 
       const response = await new DownloadHandler(req.oceanNode).handle(downloadTask)