Signed URLs

When generating image URLs from your server, you can generate a signed (secure) image URL using your ImageKit.io private key. Signing adds additional query parameters to the image URL, which restrict altering the image transformation from the URL.

When generating signed URLs, use the private key available within the Developer section on the dashboard. Signing the URLs adds additional query parameters to ensure that image transformations cannot be altered from the URL. If a third party tries to modify the image transformation or the image URL, or use it beyond its intended expiry time, the request would return a 401 Unauthorised status code because of a signature mismatch.

A signed URL would be similar to :

https://ik.imagekit.io/your_imagekit_id/path-to-image.jpg?ik-s=generatedURLsignature&ik-t=UTCtimestamp

Generating Signed URLs

You can create signed URL using server-side SDKs.

Node.js
Python
PHP
Java
Ruby
Node.js
var imageURL = imagekit.url({
path : "/default-image.jpg",
queryParameters : {
"v" : "123"
},
transformation : [{
"height" : "300",
"width" : "400"
}],
signed : true,
expireSeconds : 300
});
Python
image_url = imagekit.url({
"path": "/default-image",
"query_parameters": {
"v": "123"
},
"transformation": [{
"height": "300",
"width": "400"
}],
"signed": True,
"expire_seconds": 300
});
PHP
$imageURL = $imageKit->url(array(
"path" => "/default-image.jpg",
"queryParameters" => array(
"v" => "123",
),
"transformation" => array(
array(
"height" => "300",
"width" => "400"
),
),
"signed" => true,
"expireSeconds" => 300,
));
Java
List<Map<String, String>> transformation=new ArrayList<Map<String, String>>();
Map<String, String> scale=new HashMap<>();
scale.put("height","600");
scale.put("width","400");
transformation.add(format);
Map<String, Object> options=new HashMap();
options.put("path","/default-image.jpg");
options.put("signed",true);
options.put("expireSeconds",300);
String url = ImageKit.getInstance().getUrl(options);
Ruby
image_url = imagekit.url({
path: "/default-image",
query_parameters: {
"v": "123"
},
transformation: [{
height: "300",
width: "400"
}],
signed: True,
expire_seconds: 300
})

Pseudo code for signed URL generation

If you want to generate the signed URL yourself, refer the pseudo code below.

// Assume we have an image URL
var imageUrl = "https://ik.imagekit.io/your_imagekit_id/tr:w-400:rotate-91/sample/testing-file.jpg";
// This is our endpoint
var urlEndpoint = "https://ik.imagekit.io/your_imagekit_id";
// Make sure urlEndpoint has a trailing slash (/)
if(urlEndpoint[urlEndpoint.length - 1] != "/") {
urlEndpoint = urlEndpoint + "/"
}
// Let's say we want to expire image in 300 seconds, so expireTimestamp (UTC timestamp) would be
var expiryTimestamp = parseInt(new Date().getTime() / 1000, 10) + 300;
// Remove the urlEndpoint from image URL
var str = imageUrl.replace(urlEndpoint,"");
// str will be tr:w-400:rotate-91/sample/testing-file.jpg
// Append the expiryTimestamp in above str
str = str + expiryTimestamp
// str will be tr:w-400:rotate-91/sample/testing-file.jpg9999999999
// Calcualte the signature using your priviate key
var signature = crypto.createHmac('sha1', "your_private_key").update(str).digest('hex');
// Add ik-t and ik-s query parameters in the url
var finalImageUrl = imageUrl + "?ik-t=" + expiryTimestamp + "&ik-s=" + signature;