How can I make sure that an image is actually from my correct user?
In short: use Signature Authentication.
If you run a website and are in control of its server-side code, you can safely store your Transloadit Auth Secret there. Your visitors will be logged in with your server. Let's say they want to upload something. Your server now generates a secret, knowing it is for a particular logged-in user. The server can tag the upload and generate a signature of all these parameters using the secret that only it and Transloadit know.
When the files arrive on our end, we will also create a signature of the parameters using the same secret. If the signatures don't match - and you have enabled the option in your account that signatures are required - we will reject the upload.
This way you can be sure that:
- Uploads only work for users who are logged in
- Uploads are tagged with user information that cannot be forged by the users themselves, as they don't have the secret to forge the correct signature for those parameters.
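The sign-then-verify flow described above, as an added example that is not Transloadit's own code. The parameter layout (`auth`, `expires`, `fields.user_id`), the HMAC-SHA384 choice and the key and secret values are assumptions made for illustration; check the Transloadit documentation for the exact format.

```python
import hashlib
import hmac
import json
import time

AUTH_KEY = "example-auth-key"         # constructed placeholder, may be public
AUTH_SECRET = b"example-auth-secret"  # constructed placeholder, stays on the server


def sign_upload_params(user_id, ttl_seconds=300, now=None):
    """Server side: build params for a logged-in user and sign them."""
    now = int(time.time()) if now is None else now
    params = {
        "auth": {"key": AUTH_KEY, "expires": now + ttl_seconds},
        "fields": {"user_id": user_id},  # tag the browser cannot alter unnoticed
    }
    params_json = json.dumps(params, separators=(",", ":"), sort_keys=True)
    signature = hmac.new(AUTH_SECRET, params_json.encode(), hashlib.sha384).hexdigest()
    return params_json, signature


def verify_upload(params_json, signature, now=None):
    """Receiving side: recompute the HMAC over the exact string received."""
    now = int(time.time()) if now is None else now
    expected = hmac.new(AUTH_SECRET, params_json.encode(), hashlib.sha384).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return False, "signature mismatch"
    try:
        expires = int(json.loads(params_json)["auth"]["expires"])
    except (ValueError, KeyError, TypeError):
        return False, "malformed params"
    if now > expires:
        return False, "expired"
    return True, "ok"


if __name__ == "__main__":
    params_json, sig = sign_upload_params("user-42", now=1_700_000_000)
    print(verify_upload(params_json, sig, now=1_700_000_100))   # accepted
    forged = params_json.replace("user-42", "user-43")          # client edits the tag
    print(verify_upload(forged, sig, now=1_700_000_100))        # rejected
    print(verify_upload(params_json, sig, now=1_700_000_301))   # rejected, too old
```

The signature covers the serialized string exactly as sent, so the browser must forward `params_json` unchanged; re-serializing it on the client can change the bytes and break verification.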