URL signature

Protect your Cloudimage URLs from tampering

To prevent URL tampering and protect your token, every Cloudimage URL can be secured with an SHA-1 HMAC signature.

Please be aware that when the URL signature is activated for your token, all Cloudimage URLs which are not signed properly will cease to work.

The signature is calculated as follows:

Signature = sha1('Salt' + 'URI')
where URI = original_image_url?operations&filters

The syntax to process an image is:

//token.cloudimg.io/original_image_url?operations&filters&ci_sign=Signature

Because the Salt is a shared secret between you and Cloudimage, only you will be able to calculate the signature of your images.

Activation

Before activating the URL signature, please make sure that all Cloudimage URLs contain the proper signature.

To activate this feature, you need to navigate to Image Settings / Security and activate URL security toggle.

In the Add Security modal, you need to choose URL Signature and place a string you will be using as salt when generating the URL signature.

Last updated 1 year ago