The transformation engine works with Filestack's existing security. You can pass your policy and signature as one of the transformation tasks.
Filestack limits the size of the images it will accept for conversions. The maximum accepted image size is 100,000,000 pixels, so an image at that limit could have width and height combinations like 10,000 x 10,000 or 5,000 x 20,000, etc. There is also a file size restriction: Filestack will not process an image that is larger than 256mb. Please contact us if you need to process files larger than our current limits.
Filestack file policies are URL-safe, Base64-encoded, JSON-parseable strings. To generate a policy, create a JSON object with the appropriate key-value pairs, then Base64 encode it. URL safety is achieved by replacing '+' with '-' and '/' with '_'. Base64 also includes a trailing '=' as padding. You will need to leave this character in the string in order for it to be valid.
The signature is a hex-encoded string with lowercase letters. There are common libraries for calculating HMAC-SHA256 in a variety of languages. It is advisable to use a well-tested and vetted library as opposed to writing your own. You can also generate policies and signatures with the debugging tool in the Security section of the Filestack developer portal.
A note on security policy best practices: The examples here use a global security policy with a long expiration length. This is solely to illustrate the structure and usage of security in the new transformation engine. A policy like this would not be considered safe. Ideally, Filestack customers should generate policies on a case-by-case basis (read only, convert only, pick only), each with a short expiration period, rather than setting a global policy that covers all uses. This protects your data and the data of your users.
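The following Python sketch is an added example, not Filestack's own code. It builds a convert-only policy with a short expiration, encodes it as described above, signs it, and checks the result locally. It assumes the policy keys are named `expiry` and `call` and that the signature is HMAC-SHA256 over the encoded policy string, keyed with the application secret; confirm both against the Filestack documentation. `APP_SECRET` is a constructed placeholder.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed placeholder; a real app secret comes from the Filestack developer portal.
APP_SECRET = "EXAMPLE_APP_SECRET_NOT_REAL"


def make_policy(calls, ttl_seconds, now=None):
    """Return a URL-safe Base64 policy limited to `calls`, valid for ttl_seconds."""
    now = int(time.time()) if now is None else int(now)
    # Assumed key names: "expiry" (Unix timestamp) and "call" (allowed operations).
    body = {"expiry": now + ttl_seconds, "call": sorted(calls)}
    raw = json.dumps(body, separators=(",", ":")).encode("utf-8")
    # urlsafe_b64encode swaps '+' -> '-' and '/' -> '_' and keeps the '=' padding.
    return base64.urlsafe_b64encode(raw).decode("ascii")


def sign_policy(policy, secret=APP_SECRET):
    """Lowercase hex HMAC-SHA256 over the encoded policy string (assumed input)."""
    key = secret.encode("utf-8")
    return hmac.new(key, policy.encode("ascii"), hashlib.sha256).hexdigest()


def check_policy(policy, signature, wanted_call, secret=APP_SECRET, now=None):
    """Local sanity check before a policy is handed out: signature, expiry, scope."""
    now = int(time.time()) if now is None else int(now)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(sign_policy(policy, secret), signature):
        return "bad signature"
    body = json.loads(base64.urlsafe_b64decode(policy))
    if body["expiry"] <= now:
        return "expired"
    if wanted_call not in body["call"]:
        return "call not permitted"
    return "ok"


if __name__ == "__main__":
    policy = make_policy(["convert"], ttl_seconds=300)
    signature = sign_policy(policy)
    print(policy, signature, check_policy(policy, signature, "convert"))
```

Because the signature covers the encoded string, stripping the trailing '=' from the policy produces a string that no longer matches its signature.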
Image Uploaded using a Filestack Account without Security Enabled and then transformed on an account that has security turned on
In this situation, the transformation requires a policy and signature in order for it to be performed, but only the Filestack handle is required from the source image.
Image Uploaded using a Filestack Account with Security Enabled and then transformed on the same account
In this situation, the transformation requires a policy and signature in order for it to be performed, and the URL to be transformed requires a policy and signature in order for it to be accessed. This can become quite cumbersome, so we have instituted a change where the security policy and signature can be omitted for filelinks when they were created by the same application that will be performing the conversion.
External source image transformed using a Filestack Account with Security Enabled
In this situation, the transformation requires a policy and signature in order for it to be performed, but the URL to be transformed does not because it is from outside the Filestack security ecosystem.