Skip to content

imgix Source URL Token

Service Name: Imgix

Service Description: Imgix is a real-time image processing service and CDN that transforms, optimizes, and delivers images to improve web performance. It allows developers to manipulate images on-the-fly using URL parameters.

Service Address: https://imgix.com/

Validation Type: API Auth

IP Allow list: Does not exist at the token level, but domain restrictions can be configured in the Imgix dashboard.

Secret Access Scope: Grants access to create and serve transformed images from a specific Imgix source. The token allows for signing URLs to prevent URL parameter tampering and unauthorized image transformations.

Secret Revokement URL: https://dashboard.imgix.com/sources

Secret Example: 3QuCYJLU5hkHWJrJ

Suspicious Activity Investigation Instructions:

  • Review Imgix analytics dashboard for unusual traffic patterns or spikes.
  • Check for unauthorized domains accessing your Imgix sources.
  • Monitor bandwidth usage for unexpected increases.
  • Review image transformation patterns for potentially abusive transformations.
  • Check server logs for unusual requests to your Imgix-served resources.

Mitigation Instructions:

  • Log in to your Imgix dashboard at https://dashboard.imgix.com/
  • Navigate to the Sources section.
  • Select the compromised source.
  • Under the Security tab, generate a new signing key.
  • Update the signing key in all your applications and services.
  • Consider enabling domain restrictions to limit which domains can serve your images.
  • Update your code to use the new signing key for generating secure URLs.
  • Monitor traffic after the key rotation to ensure proper functionality.