Signed URLs
Render responses don't return the PNG bytes — they return a signed URL: a link to the image that already carries proof you're allowed to fetch it.
In One Paragraph#
The link embeds your tenant, the plan at issue time, an expiry (exp), and an HMAC sig over all of it, so the worker can serve the asset without you sending an API key. The link is time-limited — its lifetime is your plan's retention window — and stops working once exp passes. Just GET the url to download the PNG.
https://api.maddoxapi.dev/v1/labels/<hash>?tenant_id=…&iat_plan=…&exp=…&sig=…Why Signed URLs#
- No key in the browser — you can hand the URL to a frontend or a webhook consumer without leaking your API key.
- Tamper-evident — changing any query parameter invalidates the
sig. - Expiring — access is bounded by the plan's retention window, not forever.
NoteA render's
url field is one of these signed links. Fetch it directly — no Authorization header needed.Render a Label
Where the url comes from.
Plans & Quotas
Retention windows by tier.