RenderScreenshot

Signed URLs

Signed URLs allow you to generate secure, expiring screenshot URLs without exposing your API key in public HTML.

How It Works

  1. Generate a signature server-side using your secret key
  2. Include the signature and expiration in the URL
  3. Use the signed URL in public HTML
  4. We verify the signature on each request

Generating Signed URLs

URL Format

https://api.renderscreenshot.com/v1/screenshot?url=...&expires=...&signature=...&public_key=...

Java

import com.renderscreenshot.sdk.Client;
import com.renderscreenshot.sdk.TakeOptions;
import java.time.Duration;
import java.time.Instant;

Client client = new Client("rs_live_xxxxx");

// Generate a signed URL that expires in 24 hours
String signedUrl = client.generateUrl(
    TakeOptions.url("https://example.com").preset("og_card"),
    Instant.now().plus(Duration.ofHours(24))
);

// Use in HTML: <img src="${signedUrl}" />
// Or in meta tags: <meta property="og:image" content="${signedUrl}" />

Node.js

import { Client, TakeOptions } from 'renderscreenshot';

const client = new Client('rs_live_xxxxx');

// Generate a signed URL that expires in 24 hours
const signedUrl = client.generateUrl(
  TakeOptions.url('https://example.com').preset('og_card'),
  new Date(Date.now() + 24 * 60 * 60 * 1000)
);

// Use in HTML: <img src="${signedUrl}" />
// Or in meta tags: <meta property="og:image" content="${signedUrl}" />

PHP

use RenderScreenshot\Client;
use RenderScreenshot\TakeOptions;

$client = new Client('rs_live_xxxxx');

// Generate a signed URL that expires in 24 hours
$signedUrl = $client->generateUrl(
    TakeOptions::url('https://example.com')->preset('og_card'),
    new DateTime('+24 hours')
);

// Use in HTML: <img src="<?= $signedUrl ?>" />
// Or in meta tags: <meta property="og:image" content="<?= $signedUrl ?>" />

Python

from datetime import datetime, timedelta
from renderscreenshot import Client, TakeOptions

client = Client('rs_live_xxxxx')

# Generate a signed URL that expires in 24 hours
signed_url = client.generate_url(
    TakeOptions.url('https://example.com').preset('og_card'),
    datetime.now() + timedelta(hours=24)
)

# Use in HTML: <img src="{signed_url}" />
# Or in meta tags: <meta property="og:image" content="{signed_url}" />

Ruby

require 'openssl'

def sign_url(params, secret_key, expires_at)
  # Sort params alphabetically
  canonical = params.sort.map { |k, v| "#{k}=#{v}" }.join('&')
  canonical += "&expires=#{expires_at.to_i}"

  # Generate signature
  signature = OpenSSL::HMAC.hexdigest('sha256', secret_key, canonical)

  "#{canonical}&signature=#{signature}"
end

Expiration

Signed URLs must include an expiration timestamp. Maximum expiration is 30 days.

{
  "expires": 1735689600
}

Benefits

  • API key never exposed in public HTML
  • URLs expire automatically
  • Cannot be modified (signature verification)
  • Safe for og:image and public embeds

Was this page helpful?