Skip to content
Keenpix docs
API reference

SDK API

Authenticated JSON endpoints for trusted backend integrations.

The SDK API is for trusted backend systems and external integrations that need to manage Keenpix projects programmatically. It is separate from the public /img/* transform endpoint: image URLs stay keyless and are still protected by each project's allowed source hosts.

Create an internal API key from Settings -> API keys as a super admin. Keys can be scoped to every project or to one project. Project-scoped keys can read and write only that project and cannot create new projects.

Send the key with either header:

Authorization: Bearer <KEY>
X-Keenpix-Api-Key: <KEY>

All SDK responses are JSON and set Cache-Control: no-store. SDK requests are recorded under Settings -> API keys -> API activity.

Endpoints

MethodPathScopePurpose
GET/api/sdk/projectsreadList projects visible to the key.
POST/api/sdk/projectsall-project writeCreate a project.
GET/api/sdk/projects/<projectId>readFetch one project.
GET/api/sdk/projects/<projectId>/configurationreadFetch integration configuration for building image URLs.
PATCH/api/sdk/projects/<projectId>/settingswriteUpdate transform defaults.
POST/api/sdk/projects/<projectId>/prewarmwriteQueue cache prewarming for source images.
POST/api/sdk/projects/<projectId>/domainswriteAdd an allowed source host.
DELETE/api/sdk/projects/<projectId>/domains?host=<host>writeRemove an allowed source host.

Projects

Create a project with an all-project write key:

curl -X POST "https://keenpix.example.com/api/sdk/projects" \
  -H "Authorization: Bearer $KEENPIX_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Storefront",
    "origin": "https://cdn.example.com",
    "env": "production",
    "allowedOrigins": ["cdn.example.com"]
  }'

Request body:

FieldTypeRequiredNotes
namestringyes1-80 characters.
originURLyeshttp or https origin URL.
envstringyesproduction, staging, or development.
allowedOriginsstring[]noHostnames to allow. URLs are normalized to hostnames.

List or fetch projects:

curl "https://keenpix.example.com/api/sdk/projects" \
  -H "Authorization: Bearer $KEENPIX_API_KEY"

curl "https://keenpix.example.com/api/sdk/projects/$PROJECT_ID" \
  -H "Authorization: Bearer $KEENPIX_API_KEY"

Project responses include the project id, origin, environment, allowed origins, color fields, transform defaults, and createdAt.

Configuration

Use the configuration endpoint when an external CMS or backend needs the canonical image base URL and the supported transform parameters.

curl "https://keenpix.example.com/api/sdk/projects/$PROJECT_ID/configuration" \
  -H "Authorization: Bearer $KEENPIX_API_KEY"
{
  "configuration": {
    "projectId": "cm...",
    "projectName": "Storefront",
    "origin": "https://cdn.example.com",
    "allowedOrigins": ["cdn.example.com"],
    "imageBaseUrl": "https://keenpix.example.com/img",
    "transformUrlTemplate": "https://keenpix.example.com/img/<source-url>?project=cm...",
    "defaults": {
      "autoFormat": true,
      "defaultQuality": 75,
      "stripMetadata": true
    },
    "supportedParameters": [
      "project",
      "url",
      "w",
      "h",
      "q",
      "fmt",
      "fit",
      "dpr",
      "blur",
      "position",
      "pos",
      "gravity",
      "background",
      "bg",
      "flatten",
      "resize",
      "s",
      "enlarge",
      "kernel",
      "extract",
      "crop",
      "trim",
      "extend",
      "extendWith",
      "rotate",
      "r",
      "flip",
      "flop",
      "sharpen",
      "median",
      "gamma",
      "gammaOut",
      "negate",
      "normalize",
      "normalise",
      "threshold",
      "brightness",
      "saturation",
      "hue",
      "lightness",
      "tint",
      "grayscale",
      "greyscale",
      "animated",
      "a"
    ]
  }
}

imageBaseUrl and transformUrlTemplate are derived from proxy headers (X-Forwarded-Host and X-Forwarded-Proto) when present, then fall back to the request origin. Configure your reverse proxy to forward the public host and protocol so third-party integrations receive the external Keenpix URL.

Settings

Patch one or more transform defaults:

curl -X PATCH "https://keenpix.example.com/api/sdk/projects/$PROJECT_ID/settings" \
  -H "Authorization: Bearer $KEENPIX_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "autoFormat": true,
    "defaultQuality": 82,
    "stripMetadata": true
  }'
FieldTypeNotes
autoFormatbooleanEnables fmt=auto negotiation.
defaultQualityinteger30 through 100.
stripMetadatabooleanRemoves image metadata from transformed output.

Send at least one field.

Domains

Allowed source hosts control what /img/* may fetch. Add a host with JSON:

curl -X POST "https://keenpix.example.com/api/sdk/projects/$PROJECT_ID/domains" \
  -H "Authorization: Bearer $KEENPIX_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "host": "assets.example.com" }'

Remove a host with a query string or JSON body:

curl -X DELETE "https://keenpix.example.com/api/sdk/projects/$PROJECT_ID/domains?host=assets.example.com" \
  -H "Authorization: Bearer $KEENPIX_API_KEY"

Hosts are normalized to lowercase hostnames. Schemes, paths, and ports are removed when possible.

Prewarm

Use prewarm after a trusted integration uploads or publishes images. Keenpix queues the requested transform variants and returns immediately with 202; it does not wait for every transform to finish and it does not create user-facing request-log rows. Source URLs still have to pass the project's allowed-host and SSRF checks when the queued work runs.

curl -X POST "https://keenpix.example.com/api/sdk/projects/$PROJECT_ID/prewarm" \
  -H "Authorization: Bearer $KEENPIX_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "sources": ["https://cdn.example.com/uploads/photo.jpg"],
    "widths": [320, 640, 768, 960, 1280],
    "formats": ["avif", "webp"],
    "quality": 75,
    "fit": "cover",
    "dpr": 1
  }'

Request body:

FieldTypeDefaultNotes
srcURL-One source URL. Use src or sources.
sourcesURL[]-1-20 source URLs. Use src or sources.
widthsinteger[][320, 640, 768, 960, 1280]1-10 widths, each 1-5000.
formatsstring[]["avif", "webp"]auto, avif, webp, jpeg, or png.
qualityintegerproject default30 through 100.
fitstringcovercover, contain, fill, or inside.
dprinteger11 through 3.

A single prewarm request can queue at most 200 variants: unique sources * widths * formats <= 200.

Successful response:

{
  "prewarm": {
    "accepted": true,
    "sourceCount": 1,
    "variantCount": 10
  }
}

Errors

SDK errors use this shape:

{ "error": "Missing API key" }
StatusWhen
400Invalid JSON, invalid URL or host, invalid settings, or too many prewarm variants.
401Missing or invalid API key.
403Project-scoped key cannot access the requested project or operation.
404Unknown project or endpoint.
429API key rate limit exceeded.
500Unexpected SDK API failure.

On this page