URL sealing

Secure part of your Cloudimage URLs against tampering

To prevent your customer from removing certain parameters, you can seal them. For example, if you don't want your users to get the image without a watermark or a certain filter, you can use the URL sealing feature. This system is similar to the URL signature feature but it is only sealing the ci_eqs parameters and allows you to add more filters and operations to the URL without re-generating the signature. This method is compatible with the Responsive images JS plugin.

Please be aware that when URL sealing is activated for your token, all Cloudimage URLs that are not signed properly will cease to work.

The signature is calculated as follows:

Signature = sha1('URI' + 'ci_eqs' + 'Salt') where URI = original_image_url and ci_eqs = value of the content of ci_eqs query string

The syntax to process an image is:


The Salt string is a shared secret between you and Cloudimage and only you will be able to calculate the signature of your images.


Before activating URL sealing, please make sure that all Cloudimage URLs contain the proper signatures (see the Usage section below).

To activate this feature, you need to navigate to Image Settings / Security and activate the URL security toggle.

In the Add Security modal, you need to choose URL Sealing and place a string you will be using as salt when generating the sealed parameter signature.


Step 1. Encode the query string

To watermark an image at the URL sample.li/birds.jpg with query string wat=1&wat_url=http://sample.li/louis-vuitton-logo-white.png&wat_scale=45&wat_gravity=southwest&wat_pad=15, you need to first base64-encode the query string:




Step 2. Create the signature

The signature has to be created by sha1-hashing the string 'URI' + 'ci_eqs' + 'Salt':

sha1('sample.li/birds.jpg' + 'd2F0PTEmd2F0X3VybD1odHRwOi8vc2FtcGxlLmxpL2xvdWlzLXZ1aXR0b24tbG9nby13aGl0ZS5wbmcmd2F0X3NjYWxlPTQ1JndhdF9ncmF2aXR5PXNvdXRod2VzdCZ3YXRfcGFkPTE1' + 'salt')

The final signature is:


Step 3. Construct the URL


The final URL becomes:


Step 4. Use and extend the request

You can use the URL as is or append more parameters to the query string:


Any parameters that are included in the sealed portion cannot be overwritten in the URL. For example, if a watermark is activated with wat=1 and sealed, appending wat=0 in the URL will not remove the watermark:


Last updated