Aliases
Where your images reside on the internet.Aliases are named pointers to where your image assets live on the internet.
An alias is an association of a name with a url containing a domain, where your image assets can be accessed.
Anatomy of a request URL
https:// domain / APIv / token / alias / path ? xfs
| Segment | Description |
|---|---|
domain cdn.ixmage.com |
Access to the image API |
APIv v2 |
API Version |
| token | Your account identifier |
| alias | A source to your images; analogous to a folder |
| path | Given an alias, the path to find your image |
| xfs | The transformations to apply to the image |
Alias types
There are several types of aliases that have been implemented so far.
- Fetch: grabs images from your sources that are publicly available.
- S3 Bucket: grabs images from an Amazon S3 bucket.
- DO Space: grabs images from a DigitalOcean Space.
- Google Storage: grabs images from a Google Cloud Storage.
Fetch
This alias type will grab images that are publicly available on the internet. When setting it up, you specify the domain where the service can go grab your images. You can optionally specify any top-level folder structure that your images follow.
Continue reading about the Fetch alias type
S3 Bucket
This alias type will connect to an AWS S3 Bucket to access your images. Depending on how you have set up your bucket access, you may need to supply read-access credentials to be able to work with the bucket.
Continue reading about the S3 Bucket alias type
DO Space
This alias type will connect to a DigitalOcean Space to access your images. Spaces require access credentials to be able to connect and retrieve your images.
Continue reading about the DO Space alias type
Google Storage
This alias type will connect to a Google Cloud Platform Storage. To properly setup access, continue reading about the Google Storage alias type.
Learning by examples
An example of an alias would be to point the name
bucket1 to https://s3.us-west-2.amazonaws.com/my.bucket.name
where the S3 bucket has been set up to be open to the public.
Let’s assume we have our image repository living in an Amazon S3 bucket named
images.mydomain.com
Also assume: account token = TaAcCoOsS
We have the following 2 images inside the bucket:
- folder-one/my-image.png
- folder-two/another-image.png
We set up an alias named images-alias and point it to https://s3-us-west-2.amazonaws.com/images.mydomain.com
Now we can access our two known images like:
https://cdn.ixmage.com/v2/TaAcCoOsS/images-alias/folder-one/my-image.pnghttps://cdn.ixmage.com/v2/TaAcCoOsS/images-alias/folder-two/another-image.png
An alias effectively conceals the real source of the images.
Depending on the source of the images, case sensitivity may need to be honored. For example, AWS S3 buckets do require case-sensitivity where image.png and Image.PNG are different urls.
This may not be the case if your images are sourced from a Windows IIS setup.
Other Alias functions
Aliases also serve as methods to configure Access and Watermarks
Access
By default, an alias permits requests from anyone. This can be controlled by allowing referers into a white-list.
When a referer list is empty, this means it’s open for all. Adding referers to it turns it into a white-list where only the listed domains have access.
A referer is the requesting party identified by their Request Header Referer. The protocol is not needed.
Example: //example.com
Adding this referer will allow requests from any page within the //example.com domain. Any other requests will receive a 403 (Forbidden) error.
Read more details.
Watermarking
Watermarks only work when overlaying a png image as the watermark. The watermarked image can be of any format.
There are two main watermarking setups:
- Tiled
- Positioned (Non-tiled)
Tiled watermarks
A tiled watermark will take the configured png and paint it on top of your images as many times as it can, one after the other, going across and going down.
Positioned watermarks
To position the watermark, you can specify one of the following:
northwest north northeast
west center east
southwest south southeast
Watermarking + Access
Combining the two mechanics above, we can setup a group of images to be watermarked when used in certain domains, and have no watermark when used in others.
Let’s configure two aliases that point to the same source; for clarity for the example let’s name them:
- watermarked
- set up a watermark for this
alias
- set up a watermark for this
- nowatermark
- add
referersto thisaliasso it only responds to them.
- add
Now your images can be accessed by anyone using the watermarked alias, and only allowed domains will be able to access the same images, without the watermark (through the nowatermark alias).
When you request /v2/ it will be watermarked. There is no referer list on the alias (list is empty), so anyone can use it.
When you request /v2/ it will not be watermarked, and it will only work on webpages from the domains in the referers list.
Locking up an Alias
Every alias has a locked toggle which when turned on, will require a key parameter to open it.
The key is a SHA1 version of your token + querystring + secret
The querystring part should not contain the &key parameter
This technique is meant to be used server-side, because the secret should not be exposed publicly.
There is a key that will unlock any of your aliases, by using your account secret.
You can generate secrets per alias, so you do not have to hand out the master key, but instead you can hand out keys to a specific alias. You can revoke these keys at anytime from your Control Panel.
Refer to Key Generation for more details.
An example of a keyed request is:
/v2/
If anyone tries to change the operations/transformations of a locked request, for example the width in the above example, then the key will not be valid anymore as it is tied to the unique querystring.
If the key is not valid, a 403 error is returned.