Signed URLs

When generating image URLs from your server, you can generate a signed (secure) image URL using your ImageKit.io private key. Signing adds additional query parameters to the image URL, which restricts altering the image transformation from the URL.

When generating signed URLs, use the private key available within the Developer section on the dashboard. Signing the URLs adds additional query parameters to ensure that image transformations cannot be altered from the URL. If a third party tries to modify the image transformation or the image URL, or use it beyond its intended expiry time, the request would return a 401 Unauthorised status code because of a signature mismatch.

A signed URL would be similar to :

https://ik.imagekit.io/your_imagekit_id/path-to-image.jpg?ik-s=generatedURLsignature&ik-t=UTCtimestamp

If you want to create a signed URL that uses a Web Proxy origin, you must encode the complete URL of the input image before signing it. For example, instead of using https://example.com/image.jpgas input for the signed URL, you should use https%3A%2F%2Fexample.com%2Fimage.jpg.

Generating Signed URLs

You can create a signed URL using server-side SDKs.

Node.js
Python
PHP
Java
Ruby
Node.js
var imageURL = imagekit.url({
path : "/default-image.jpg",
queryParameters : {
"v" : "123"
},
transformation : [{
"height" : "300",
"width" : "400"
}],
signed : true,
expireSeconds : 300
});
Python
image_url = imagekit.url({
"path": "/default-image",
"query_parameters": {
"v": "123"
},
"transformation": [{
"height": "300",
"width": "400"
}],
"signed": True,
"expire_seconds": 300
});
PHP
$imageURL = $imageKit->url(array(
"path" => "/default-image.jpg",
"queryParameters" => array(
"v" => "123",
),
"transformation" => array(
array(
"height" => "300",
"width" => "400"
),
),
"signed" => true,
"expireSeconds" => 300,
));
Java
List<Map<String, String>> transformation=new ArrayList<Map<String, String>>();
Map<String, String> scale=new HashMap<>();
scale.put("height","600");
scale.put("width","400");
transformation.add(format);
Map<String, Object> options=new HashMap();
options.put("path","/default-image.jpg");
options.put("signed",true);
options.put("expireSeconds",300);
String url = ImageKit.getInstance().getUrl(options);
Ruby
image_url = imagekit.url({
path: "/default-image",
query_parameters: {
"v": "123"
},
transformation: [{
height: "300",
width: "400"
}],
signed: True,
expire_seconds: 300
})

Pseudo-code for signed URL generation

If you want to generate the signed URL yourself, refer to the pseudo-code below.

// Assume we have an image URL
var imageUrl = "https://ik.imagekit.io/your_imagekit_id/tr:w-400:rotate-91/sample/testing-file.jpg";
// This is our endpoint
var urlEndpoint = "https://ik.imagekit.io/your_imagekit_id";
// Make sure urlEndpoint has a trailing slash (/)
if(urlEndpoint[urlEndpoint.length - 1] != "/") {
urlEndpoint = urlEndpoint + "/"
}
// Let's say we want to expire image in 300 seconds, so expireTimestamp (UTC timestamp) would be
var expiryTimestamp = parseInt(new Date().getTime() / 1000, 10) + 300;
// Remove the urlEndpoint from image URL
var str = imageUrl.replace(urlEndpoint,"");
// str will be tr:w-400:rotate-91/sample/testing-file.jpg
// Append the expiryTimestamp in above str
str = str + expiryTimestamp
// str will be tr:w-400:rotate-91/sample/testing-file.jpg9999999999
// Calcualte the signature using your priviate key
var signature = crypto.createHmac('sha1', "your_private_key").update(str).digest('hex');
// Add ik-t and ik-s query parameters in the url
var finalImageUrl = imageUrl + "?ik-t=" + expiryTimestamp + "&ik-s=" + signature;