Security

ImageKit.io provides certain features to secure your images and restrict the transformations that can be performed. Implementing these security features will stop unauthorized use of your image URLs, and make your code look much cleaner.

You can secure your images by restricting unsigned URLs, restricting unnamed image transforms, and using private images.

Restricting Unnamed Image Transformations

To use this security feature, you must be using Named Transformations.

Navigate to the Security Section within Image Settings on your dashboard.

Enable 'Restrict Unnamed Image Transformations' and click on 'Save'.

Restrict unnamed image transformation setting in ImageKit.io dashboard

Restricting Unnamed Transformations does not allow explicit transformations. For eg: enabling this feature and then trying to use tr:w-100,h-100 within the URL, or any other transform mentioned explicitly, would return a 'Bad Image Transformation Request' error.

Restricting Unsigned URLs

To use this security feature, you must be signing your image URLs.

Navigate to the Security Section within Image Settings on your dashboard.

Enable 'Restrict Unsigned Image URLs' and click on 'Save'.

Restrict unsigned image setting in ImageKit.io dashboard