Request
Response
Returns a smaller, optimized version of the image.| Header | Value | Description |
|---|---|---|
Content-Type | image/webp | Thumbnails are always encoded as WebP |
Cache-Control | public, max-age=31536000, immutable | 1 year, immutable cache for public uploads |
CDN-Cache-Control | public, max-age=31536000, immutable | 1 year, immutable cache at the CDN edge for public uploads |
Query Parameters
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
size | integer | No | 200 | Target thumbnail size in pixels. Clamped to the range 50-400. Values outside this range, or invalid/missing values, fall back to 200. |
Thumbnail vs Full Image
| Attribute | Thumbnail | Full Image |
|---|---|---|
| Size | Smaller dimensions | Original dimensions |
| Quality | Optimized for preview | Full quality |
| Format | Always WebP | Original format |
| Use Case | Listings, previews | Detail view |
Use Cases
- Gallery thumbnails
- List views
- Card previews
- Low-bandwidth scenarios
HTML Usage
Access Control
- Public uploads: Thumbnails accessible to everyone
- Private uploads: Thumbnails require authentication and ownership:
- No auth cookie/token present: returns
401 Unauthorized - Authenticated but not the owner: returns
403 Forbidden - There is no admin override - only the owner can access a private upload’s thumbnail
- No auth cookie/token present: returns
/api/image/{id}, which returns 404 Not Found for all unauthorized access to private images (including missing auth and non-owner requests) to avoid leaking whether an upload exists.