If you are running Blitline jobs from a public client (such as Javascript), you need to protect your Application ID. (Or if you just want an addtional level of protection on your regularly submitted jobs)


You can do this by using Signed Requests


If your doing your Blitine processing server-side, this is optional, especially if you are using https/ssl


Signed Requests


To sign you Blitline jobs, you can do this by replacing the Application ID with


  • public_token : Your public token from your Blitline home page
  • expires : The time at which this signed request will expire, in rfc822 format (“Fri, 23 Dec 2011 09:42:59-0800”)
  • key_transform : A Regex expression designed to match your S3 keys that you will be submitting (like “^mys3folder/”)
  • signature : The SHA1 signed signature of your data


Signature


The signature consists of a set of concatenated strings.


The strings necessary to generate the signature are the following:


  • secret : Your private secret from your Blitline home page
  • expires
    The time at which this signed request will expire, in rfc822 format (“Fri, 23 Dec 2011 09:42:59-0800”)
  • key_transform : A Regex designed to match your S3 keys that you will be submitting (like “^mys3folder/”)


ONCE YOU HAVE THESE VALUES…


  • You will concatenate those strings and SHA1 that concatenation:

    • signature = SHA1(secret + expires + key_transform)

Ruby Example:

require 'digest/sha1'

my_secret = "87Hyu684720923" #Example secret
expires = DateTime.parse("12/10/2014")
key_transform = "^myfolder"

signature = Digest::SHA1.hexdigest(my_secret + expires.rfc822 + key_transform)


signature valus is now “9ed994e8426ac22ad1f12b8efa6cc2071810cfa5”


Lets put it all together!


Assuming you have followed the steps above, we can now build our JSON for submitting.


{
  "public_token" : "YOUR_PUBLIC_TOKEN",
  "expires" : "Sun, 12 Oct 2014 00:00:00 +0000",
  "key_transform" : "^myfolder",
  "signature" : "9ed994e8426ac22ad1f12b8efa6cc2071810cfa5",

  "src" : "https://s3.amazonaws.com/blitdoc/pdfs/multi_page_sample.pdf",
  "src_type" : "multi_page",
  "functions" :
  [{
    "name": "resize_to_fit",
    "params": { "width" : 200, "height" : 200},
    "save" : {
          "s3_destination" : {
              "bucket" : "MY_BUCKET",
              "key" : "myfolder/i38d443324/output.png"
          },
          "image_identifier" : "external_sample_1"
      }
   }
  ]
}


When the server gets this job, it will verify that the signature matches the application with the specified public_token, matches the keys, and hasn’t expired.


All keys submitted MUST match the key_transform. If any key has an empty match the entire job will be rejected.