Usage
Usage is: given an asset key and the transform you want, produce a signed HTTPS URL the edge will accept. You can do that in two ways:
-
With
@rendorix/client(recommended in Node) — The “Tailwind for images” model: you define presets once (width, height, format, quality—your design tokens for images). In server code, you callimg(…, { preset: "hero" })or add inlinew/h/f/qto tweak a preset. The library builds the URL and signature; you do not assemble query params or HMAC by hand. That keeps templates and components focused on names and options, not on crypto details. -
Without the library — Implement the same resolve → validate → canonicalize → sign pipeline yourself (e.g. Ruby, Go, or a shell script) using the wire format and signing rules your deployment documents. The edge does not care who signed the URL, only that the bytes match.
The browser always receives a fully formed URL (or srcset list); it never holds the HMAC secret. Framework choice (Astro, Next.js, etc.) only changes where server code runs—see Rendering strategies.
Read Generating image URLs for what the URL means on the wire, then Using presets and Overrides for app-level patterns.
Typical flows
Section titled “Typical flows”| Flow | Where signing runs | Notes |
|---|---|---|
| Server-rendered page (SSR, API route) | Per request or per session | Good for short signed TTL; no secret in the client. |
| Static build (SSG, CI) | At build time | URLs baked into HTML; rebuild when you need new links or longer-lived cache bust. |
| Backend job (email, PDF, notifications) | When the job runs | Same as SSR: only trusted code signs. |
| Client-only app | Does not sign with the HMAC secret | Use a small server or BFF endpoint that returns a fresh signed URL, or pre-signed responses from your API. |
All of these assume the browser only ever sees already-signed URLs or opaque tokens your backend exchanges for signed URLs.
Environment-specific behavior
Section titled “Environment-specific behavior”- Base URL — Use a config value like
RENDORIX_BASE_URL/PUBLIC_RENDORIX_HOSTso dev can point at a staging distribution and prod at the live CloudFront hostname or custom domain. - Secrets — The HMAC (or signing) key stays in server env, Secrets Manager, or CI secrets—never in
NEXT_PUBLIC_*or client bundles. - Preset catalogs —
devmight allow extra debug presets; prod should use a strict allowlist enforced at the edge (see Presets). - Link lifetime — Shorter
expin preview deployments if URLs might leak in PR comments or logs.
Links to deep dives
Section titled “Links to deep dives”- Generating image URLs — structure, parameters, signing order
- Using presets —
p=hero-style usage and deprecation - Overrides — bounded one-off parameters
- Signed URLs — why signing exists
- Security — HMAC and expiration details
- Rendering strategies — static vs SSR tradeoffs for where you sign
- Client library —
@rendorix/clientin Node (createRendorix/img)