Securing Images

Securing URLs adds a layer of security to your images, by blocking anyone who does not have access to your account from altering the URLs. This helps prevent your Sources from being used maliciously—for instance, to produce unwanted renders or as a CDN for a separate site.

We recommend securing all URLs that are used to serve your images. Although we do not require that Amazon S3, Google Cloud Storage, Microsoft Azure, and Web Folder Sources be secured.

To secure an image URL, we use a cryptographic hash function(MD5) to combine the original URL with a unique token that we generate for each secure Source. The result of this hash function is then appended to the end of your unsigned URL with the s parameter, creating a signed URL.

Suppose with below URL:

There are 3 main path in this URL: Pixta Cloud domain, path, query string. So the formula to generate secure key is: MD5(#{path}#{querystring}#{secure_key})

Above example, we assume that the secure key is wakanda123@, hence the result is: MD5("/books/database-internals.jpg?w=400&h=600&fit=cropwakanda123@")= 7d0d58f62c945d0ca08269205228bbe7. So that the final URL is https://image.pvnservices.com/books/database-internals.jpg?w=400&h=600&fit=crop&s=7d0d58f62c945d0ca08269205228bbe7

If the path or parameters of your URL are altered after the s parameter has been set, the altered URL will return a 401 code instead of an image. This prevents unauthorized parties from changing the parameters on your URLs, but it also means that if you need to change the parameters yourself, you will need to re-sign the new URL.

You can find your secure URL token by going to the view your source page and clicking on the button that says Show Token. This will only be available for Sources that have Secure URLs enabled.