Original images are our most prized assets, and we put a lot of effort into producing them. There are cases where we do not want to allow access to our original images. For example:

  1. You run a paid image gallery and want to provide the original image only when someone completes the payment for the product.
  2. You watermark all the images on your website using ImageKit's real-time transformation parameters, and you do not want someone to pick up the image URL from your website and either remove the transformation string to get the original image, or change the transformation string to remove the watermark altogether.

Private images can be particularly useful in such scenarios.

How do private images work in ImageKit?

Any original image that is marked as private (we will cover how to do this later) cannot be accessed directly from a normal image URL. You need to generate a valid signed URL to access a private original image.

The same will apply if you try to transform a private image with any real-time transformation parameter. You will need to generate a valid signed URL to access a transformation of the image. 

Named transformations are the exception. If you have created named transformations in your ImageKit dashboard, then only those named transformations can be used to transform a private image without a signed URL.

How can I mark an image as private?

  1. If you are uploading the image to ImageKit Media Library, then you can pass the parameter "isPrivateFile" as "true" in the image upload request. After the image is uploaded, the media library would indicate that the image is marked as private. If an image is marked as private once, its status cannot be changed. The complete documentation for the image upload API can be found here.
  2. If you are serving files from your S3 bucket added as an origin, then setting the object metadata "x-amz-meta-isprivatefile" as "true" will make it a private image for ImageKit. This doc from AWS gives a quick overview of adding metadata to an object in S3: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html
  3. If you are serving files from your HTTP server added as an origin, then setting the header "Is-Private-File" as "true" in the response from your server marks that image as private for ImageKit.
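
The HTTP-origin option (3) as an added example, not ImageKit's code: a minimal Python origin that sets "Is-Private-File: true" on every original under one path prefix, deciding on the normalized path so an encoded or dotted path is still marked private. The `/originals/` prefix, the sample files, port 8080 and all function names are assumptions made for this illustration.

```python
import http.server
import posixpath
import urllib.parse

# Assumption for this example: every file under this prefix is a private original.
PRIVATE_PREFIX = "/originals/"

# Constructed sample content standing in for image files on the origin.
SAMPLE_FILES = {
    "/originals/product.jpg": b"\xff\xd8constructed-original",
    "/public/banner.jpg": b"\xff\xd8constructed-public",
}

def normalize(raw_path):
    """Drop the query string, decode %-escapes and collapse '.', '..' and '//'."""
    path = urllib.parse.unquote(raw_path.split("?", 1)[0])
    return "/" + posixpath.normpath(path).lstrip("/")

def build_response(raw_path):
    """Return (status, headers, body) for a GET on raw_path."""
    path = normalize(raw_path)
    body = SAMPLE_FILES.get(path)
    if body is None:
        return 404, {}, b""
    headers = {"Content-Type": "image/jpeg", "Content-Length": str(len(body))}
    # The privacy decision uses the same normalized path as the file lookup,
    # so the header cannot be skipped by spelling the path differently.
    if path.startswith(PRIVATE_PREFIX):
        headers["Is-Private-File"] = "true"  # header name and value from the article
    return 200, headers, body

class OriginHandler(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        status, headers, body = build_response(self.path)
        if status != 200:
            self.send_error(status)
            return
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    # Port 8080 on loopback is an arbitrary choice for local testing.
    http.server.HTTPServer(("127.0.0.1", 8080), OriginHandler).serve_forever()
```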

Below is the detailed view of a private image uploaded in the Media Library. Note that there is a message indicating that the image is private. The unsigned URL (available when you click on the "copy url" option in the screenshot below) for such an image would not work.
