Secure URLs

‚Äč

Secure URLs

Secure URLs prevent others from generating LibPixel image URLs on your behalf, which would count toward your usage limits.

Secure URLs contain an additional signature parameter at the end of the query string. Signatures are generated using your private Auth Secret.

By default, signatures are only required when using the src parameter. To enforce signatures for all requests, visit the Settings page and enable Require Authenticated Requests.

Generating Signatures

The easiest way to generate Secure URLs is by using a LibPixel Client Library. However, if one doesn't exist for the programming language you're using, you can generate the signatures yourself.

Steps for generating a signature:

  1. Generate an image URL as normal.

  2. Extract the path and query string from the URL. This is the data you'll be signing. The path must begin with a /, and must at least contain 1 character.

  3. Generate an HMAC-SHA1 in hexadecimal format using your Auth Secret. This is your signature value.

  4. Append a query string parameter signature with the signature value to the end of the original query string.

Include the ? character between the path and query string components, but only if there is a query string.

If you signed a URL without a query string, then you must add a query string to the resulting URL which contains only the signature.

For example:

https://yourdomain.libpx.com/?src=https://abcd.somewhere.com/images/header.png&width=200

You would sign the string:

?src=https://abcd.somewhere.com/images/header.png&width=200.

If you are using the src parameter then it is important to escape the source URL properly. Our client libraries do this automatically.