Limiting Source Images To A Particular Domain
On your account settings page, you can enter a list of domain names that host the images you wish to convert. This prevents people from using your account to process their own images. When a request is made using your API key, the domain name of the source image is checked against this list. This list is ignored if a signature parameter is sent.
Requiring A Signature
To protect your account from unauthorized use, you can require that a valid signature is sent along with each request in the signature parameter. To turn this feature on, check the "Signature Required?" checkbox on your account settings page.
Calculating A Signature
The signature is calculated with the following formula, which is the same formula that Amazon Web Services uses:
where YourSecretKey is the secret key listed in your account settings , and StringToSign is the query string (everything after the "?"), excluding "signature" parameters, in the same order as in the query.
Remember to URL-escape the signature when including in your query string.
Example Ruby code to generate the signature:digest = OpenSSL::Digest::Digest.new("sha1")
Base64.encode64(OpenSSL::HMAC.digest(digest, your_secret_key, your_query_string)).strip
Testing Your Signature
We have created a tool to help test whether you are generating a signature correctly. To see it, log in and come back to this page.