# Secure URLs

## Secure URLs <a href="#secure-urls" id="secure-urls"></a>

Secure URLs prevent others from generating LibPixel image URLs on your behalf, which would count toward your usage limits.

Secure URLs contain an additional `signature` parameter at the end of the query string. Signatures are generated using your private Auth Secret.

By default, signatures are only required when using the `src` parameter. To enforce signatures for all requests, visit the Settings page and enable *Require Authenticated Requests*.

### Generating Signatures <a href="#generating-signatures" id="generating-signatures"></a>

The easiest way to generate Secure URLs is by using a [**LibPixel Client Library**](https://docs.libpixel.com/api-documentation/libraries). However, if one doesn't exist for the programming language you're using, you can generate the signatures yourself.

Steps for generating a signature:

1. Generate an image URL as normal.
2. Extract the path and query string from the URL. This is the data you'll be signing. The path must begin with a `/`, and must at least contain 1 character.
3. Generate an HMAC-SHA1 in hexadecimal format using your Auth Secret. This is your signature value.
4. Append a query string parameter `signature` with the signature value to the end of the original query string.

{% hint style="warning" %}
Include the `?` character between the path and query string components, but only if there is a query string.

If you signed a URL without a query string, then you must add a query string to the resulting URL which contains only the signature.

For example:

`https://yourdomain.libpx.com/?src=https://abcd.somewhere.com/images/header.png&width=200`

You would sign the string:

&#x20;`?src=https://abcd.somewhere.com/images/header.png&width=200`.

If you are using the **src parameter** then it is important to escape the source URL properly. Our client libraries do this automatically.&#x20;
{% endhint %}