imgix Source URL Token
Service Name: Imgix
Service Description: Imgix is a real-time image processing service and CDN that transforms, optimizes, and delivers images to improve web performance. It allows developers to manipulate images on-the-fly using URL parameters.
Service Address: https://imgix.com/
Validation Type: API Auth
IP Allow list: Does not exist at the token level, but domain restrictions can be configured in the Imgix dashboard.
Secret Access Scope: Grants access to create and serve transformed images from a specific Imgix source. The token allows for signing URLs to prevent URL parameter tampering and unauthorized image transformations.
Secret Revokement URL: https://dashboard.imgix.com/sources
Secret Example: 3QuCYJLU5hkHWJrJ
Suspicious Activity Investigation Instructions:
- Review Imgix analytics dashboard for unusual traffic patterns or spikes.
- Check for unauthorized domains accessing your Imgix sources.
- Monitor bandwidth usage for unexpected increases.
- Review image transformation patterns for potentially abusive transformations.
- Check server logs for unusual requests to your Imgix-served resources.
Mitigation Instructions:
- Log in to your Imgix dashboard at https://dashboard.imgix.com/
- Navigate to the Sources section.
- Select the compromised source.
- Under the Security tab, generate a new signing key.
- Update the signing key in all your applications and services.
- Consider enabling domain restrictions to limit which domains can serve your images.
- Update your code to use the new signing key for generating secure URLs.
- Monitor traffic after the key rotation to ensure proper functionality.