When generating image URLs from your server, you can generate a signed (secure) image URL using your ImageKit.io private key. Signing adds additional query parameters to the image URL, which restrict altering the image transformation from the URL.
When generating signed URLs, use the private key available within the Developer section on the dashboard. Signing the URLs adds additional query parameters to ensure that image transformations cannot be altered from the URL. If a third party tries to modify the image transformation or the image URL, or use it beyond its intended expiry time, the request would return a
401 Unauthorised status code because of a signature mismatch.
A signed URL would be similar to :
ImageKit.io provides two methods of generating signed URLs for your images:
Implementing the URL generation and signature logic on your own.
Append the following strings:
Your ImageKit ID
The complete transformation string without tr: in the beginning.
The UTC timestamp in seconds to set the expiry of the URL. If you do not want the URL to expire, set the value as 9999999999.
Image Key, which is the image URL without the URL pattern and the transformation string. It should include all the query parameters except the signature related query parameters -
ik-t (explained below).
For eg: If the image URL is - https://ik.imagekit.io/demo/tr:h-100,w-100:rt-90/files/image.jpg?version=1
Then it can be broken down into the following parts:
ImageKit ID - demo
Transformation string - h-100,w-100:rt-90
UTC Timestamp - <defined by you while generating the signature>
Image path - files/image.jpg?version=1
Once you append the strings, create an HMAC-SHA1 signature for the appended string using your private key as your key.
Generate hex digest of the above and attach it to the URL as a query parameter named
If you used a UTC timestamp (other than the default 9999999999) to set the expiry time while calculating the hash, add it to the URL as a query parameter named