URL Signing
Signing a url is the most secure way to prevent misuse of your API Key. It requires computation on the backend of your website.
Activation of signatures
- in the user menu, select the API keys tab
- for the key you want to activate the function for, go to settings
- in the menu, select the Security tab
- activate Signed URL and save the settings
- note down the signing key (for example: abcd1234)
Now you must sign every image displayed through this API key. Unsigned use of the key will return an error image.
How to create a signed URL?
-
your original URL looks something like this:
https://abcdef.imagedit.io/v1/https://web.cz/image.png?w=100&grayscale=on
-
combine your signing key with your URL and make a sha1 hash out of the value:
sha1(abcd1234https://web.cz/image.png?w=100&grayscale=on)
(result: abcdefghijklmnopqrstuvwxyz)
-
attach the resulting hash to your request:
https://abcdef.imagedit.io/v1/https://web.cz/image.png?w=100&grayscale=on&sign=abcdefghijklmnopqrstuvwxyz
If you use "Presets" or "Hide Image Source", you actually perform the signature calculation only from the URL of your request!
By activating URL signatures for the selected token, you will disable all uses that do not have a signature.