> ## Documentation Index > Fetch the complete documentation index at: https://cloudinary.com/documentation/llms.txt > Use this file to discover all available pages before exploring further. # Image & Video APIs onboarding FAQ [//]: # (INTERNAL REMINDER - To add a new question, must also add a new parallel standalone page. If modifying the wording of an existing question, need to also update the en.yml for the parallel standalone page. Details in our doc procedures GoogleDoc.) This page provides quick answers to the most common questions that developers ask when evaluating or getting started with Cloudinary. > **NOTE**: Enterprise customers should also see the [Enterprise onboarding FAQ](enterprise_onboarding_faq). ## Signup and pricing What can I do with Cloudinary's Free plan? Cloudinary offers a generous Free plan that fully supports almost all features and can be used without restrictions, even in production, as long as you don't exceed your 30-day free credit allowance. With the Free plan, you can also: * Invite two additional users to your account * Explore the functionality of any [add-on](cloudinary_add_ons) by registering for its free tier. (Paid tiers of add-ons are available only on [paid Cloudinary plans](https://cloudinary.com/pricing).) * Take advantage of a variety of free courses on the [Cloudinary Academy](https://training.cloudinary.com) * Get email answers to your questions via [support tickets](https://support.cloudinary.com/hc/en-us/requests/new) [Registering for the Free plan](https://cloudinary.com/users/register_free) takes a few seconds. You can register with your Google or GitHub account, or with an email address. No credit card or other financial details are required. If your usage requirements grow beyond the Free plan’s credit limits, you can easily [upgrade](#how_do_i_upgrade_or_downgrade_my_cloudinary_account) to the [plan](https://cloudinary.com/pricing) that best fits your needs. --- How do Cloudinary credits work? Cloudinary's self-service pricing structure is based on **credits**. You can flexibly utilize the credits in your free or paid plan for transformations, storage and/or bandwidth based on your use case. > **NOTE**: Some [Enterprise](https://cloudinary.com/pricing) or other Custom plans may be based on 'units', rather than 'credits'. If your plan works with units, contact your Customer Success Manager for details. **One credit can be used for:** * 1000 transformations * Most image transformations, including complex chained transformations count as a single transformation. * Most video transformations are counted per second. (The number of [transformations per second](transformation_counts#progressive_videos) depends on the delivered video resolution). * Some advanced transformations or formats that require sophisticated processing have special [transformation counting](transformation_counts) rules. * 1 GB of managed storage * Storage includes your main asset storage, a cached copy of each derived asset (from delivered transformations), and any revisions backed up to the [Cloudinary backup storage](backups_and_version_management). * 1 GB of delivered bandwidth * For images, the bandwidth is based on the _delivered_ image file size. * For videos, 1 GB generally comes to ~500 seconds of delivered SD video or ~250 seconds of HD video) Or combined portions of each. **For example, suppose that in one 30-day period, you need:** * 2 GB of image and video storage (2 credits) * 4 GB of delivery bandwidth (4 credits) * 4000 transformations (4 credits) You'll use 10 credits during that period. In this case, the [Free plan](https://cloudinary.com/pricing) would be more than enough for you to use and to continue to add more Cloudinary functionality. You can see your current credit usage and breakdowns in the [Dashboard](https://console.cloudinary.com/app/home/dashboard/) of the Console. If you find you're approaching the upper limit of your current plan, you can upgrade to another self-service plan using the **Change plan** option in the [Accounts](https://console.cloudinary.com/app/settings/account) page of the Console Settings. To upgrade to an [Enterprise](https://cloudinary.com/pricing) plan (or if you have any other questions about upgrading), [contact our Enterprise support and sales team](https://cloudinary.com/contact?plan=enterprise). --- What is the image impressions metric? > **INFO**: > > This topic relates only to customers on one of Cloudinary's paid plans whose account is using the **image impressions** metric as part of the calculation of their credit usage. **What is an image impression?** An **image impression** occurs when an image is successfully delivered (loaded) in a web page or application. All images that load are considered successful image impressions. If an image doesn't load, it's not counted as an image impression. This metric is an **alternative** to counting the bandwidth delivered for images. Thus, if your account uses image impressions, then your bandwidth metric is not impacted at all by those image deliveries. --- **Why is Cloudinary making this change?** Image impressions support more predictable and simplified pricing. We're using it to align with your success. When you deliver images with Cloudinary, you create more engaging moments with your customers. --- **What is the benefit to me/my business?** With this update, you'll gain access to our latest format support and more advanced optimization algorithms (e.g., support for AVIF (.avif) and JPEG-XL (.jxl) formats in your `f_auto` deliveries and our latest `q_auto` algorithms) to support your engaging experiences with even faster load times. You'll now also be able to forecast image impressions for easier-to-understand and easier-to-predict pricing usage. --- **How are image impression credits calculated?** One credit equals 20,000 image impressions. In your dashboard, you'll see usage data calculated for you and converted into credits consumed. --- **Will this change make me reach my account limits faster? / Will I have to upgrade my account due to this change?** You may consume your credits slightly faster or slower, but will not likely need a plan change. --- **Are all delivered image formats counted as image impressions?** Almost all image formats are equally counted as image impressions. Currently, 3D and animated images are excluded from the image impressions metric, and are measured based on delivered bandwidth (as they have been until now). --- **How will video count towards my consumption of credits?** Your video delivery continues to be measured by bandwidth used. This update does not change the video bandwidth metric in any way. --- **Can I just keep my current plan?** We aim to be transparent about our pricing, and this is a change that is being gradually rolled out to everyone as it aligns better with the value you receive from Cloudinary. Soon, all existing and new customers will use the image impressions metric. Accordingly, we are not switching accounts back to using the bandwidth metric for images. --- **Will there be additional modifications to pricing?** As part of our commitment to enhancing our product and delivering maximum value, we continuously refine our pricing structure to align with our value proposition and improve its simplicity and predictability. Any forthcoming changes will adhere to these principles and will be communicated well in advance, as demonstrated in this instance. --- How do I upgrade or downgrade my Cloudinary account? You can see your current usage and breakdowns in the **Dashboard** page of your console. If your usage is approaching the upper limits of any self-service plan, you can upgrade to a new plan to ensure you can continue to take full advantage of all Cloudinary features. You can also downgrade to a lower plan if necessary. #### Besides more credits, what else does upgrading provide? Even if you haven't yet exceeded your quota for your current plan, you might want to upgrade if: * You want to use the paid tier of one or more [add-ons](https://console.cloudinary.com/app/settings/addons), which offer additional functionality like AI-based content moderation, object detection and auto-tagging to name a few. * You want to add more [users](user_provisioning#user_configuration) or more [product environments](cloudinary_glossary#product_environment). * You want larger usage limits, such as Admin API rate limits, upload file size limits, etc. You can see the default limits for different plans on the [Compare Plans page](https://cloudinary.com/pricing/compare-plans). You can see the specific usage limits defined for your account on the right side of the [Account](https://console.cloudinary.com/app/settings/account) page in your Console Settings.You can also programmatically retrieve the max limits and the current monthly usage of the allowances described above, including add-ons, with the [usage](admin_api#usage) method of the Admin API. * You need an expedited or more personal [customer support SLA (service-level agreement)](https://cloudinary.com/pricing/customer-success). * You want to use one of Cloudinary's premium features, such as: * [EU- or AP-based data centers](admin_api#eu_or_ap_data_centers_and_endpoints_premium_feature) * [Private CDNs and custom delivery hostnames (CNAME)](advanced_url_delivery_options#private_cdns_and_custom_delivery_hostnames_cnames) * [Token-based access control](control_access_to_media#token_based_access_premium_feature) * [SAML/SSO login or provisioning](saml_sso) * [AI-based ([Tier 2](search_method#search_api_tiers)) search API features](search_method#search_api_tiers) * [Multi-CDN](advanced_url_delivery_options#multi_cdn_solutions) These are just some of the benefits of Cloudinary's paid plans. For complete details, see [Cloudinary pricing](https://cloudinary.com/pricing). #### What's the process to upgrade or downgrade? * To upgrade (or downgrade) to another self-service plan, open the [Accounts](https://console.cloudinary.com/app/settings/account) page of the Console Settings, choose the **Change plan** option and follow the inline instructions. Changing your [plan](https://cloudinary.com/pricing) takes only a minute. * To upgrade to an [Enterprise](https://cloudinary.com/pricing) plan, [contact our Enterprise support and sales team](https://cloudinary.com/contact?plan=enterprise). * For questions about upgrading (or downgrading) to any plan, contact [Cloudinary support](https://support.cloudinary.com/hc/en-us/requests/new). * To downgrade from an Enterprise plan, contact your CSM. > **TIP**: In certain scenarios, your self-service account may be blocked for downgrading to a lower plan. See this [knowledge base article](https://support.cloudinary.com/hc/en-us/articles/360022080860-Why-can-t-I-downgrade-my-account-) for some reasons this might occur. In those cases, if you can't solve the problem on your own, please contact [Cloudinary support](https://support.cloudinary.com/hc/en-us/requests/new). --- Can I purchase Cloudinary via another cloud platform or local partner? Yes, Cloudinary can also be purchased via: * [Heroku Marketplace](https://elements.heroku.com/addons/cloudinary) * [AWS Marketplace](https://aws.amazon.com/marketplace/pp/prodview-qfeujjcpv5oqo?sr=0-1&ref_=beagle&applicationId=AWSMPContessa) * A variety of [platform and technology partners](https://cloudinary.com/partners/technology-partners) * A global network of [resellers and solution partners](https://cloudinary.com/partners/solution-partners) --- Can I set a password if I signed up to Cloudinary with Google, GitHub, or another third party? If you initially signed up for Cloudinary using Google, GitHub, or another third-party service (e.g., Heroku), you can still set a password for direct email login. This step is required to enable two-factor authentication (2FA). This step is also important because without a Cloudinary password, changing your email address on any of these third-party services could prevent you from accessing your Cloudinary account. Follow these steps to set up your password. Note that this process requires careful attention to password requirements and may need you to re-request a verification code if issues arise. 1. Go to the [My Profile](https://console.cloudinary.com/app/settings/profile) page of the Console Settings and click **Set Password**. 2. In the **Set Password** dialog box, click **Get Code**. Go to your email and copy and paste your verification code. 3. Enter a new password that meets all the required criteria: it must contain a capital letter, a lowercase letter, a number, and a special character. 4. Confirm the new password by typing it again in the confirmation field, ensuring both entries match exactly. > **INFO**: > > If you leave the **New Password** field with a required character missing, or if the passwords in the **Confirm New Password** field don’t match, you’ll need to request a new verification code to continue. --- Who can help with specific questions? This documentation portal and other developer resources, such as the [Cloudinary Academy](https://training.cloudinary.com/), our [Blog](https://cloudinary.com/blog), and the [Support Knowledge Base](https://support.cloudinary.com/hc/en-us) among others, provide a wealth of developer content, including quick starts, tutorials, API and SDK references, troubleshooting, and much more. You can find links to all of these resources in the top bar of this documentation portal. But if you have a specific question and need personal assistance to help you solve it, you've got several channels to reach out to: #### Getting help with technical challenges When you have a specific technical challenge related to a specific Cloudinary SDK, you can open an issue in the relevant [Cloudinary public library](https://github.com/Cloudinary). #### Getting help with account-specific issues Support is the channel for all questions about your account, billing, quota, or anything else that would require you to share sensitive account or company information. If your organization has an [SLA (service-level agreement)](https://cloudinary.com/pricing/customer-success) with Cloudinary, then you can also open support tickets for faster resolution of technical problems. Open support tickets with this [support form](https://support.cloudinary.com/hc/en-us/requests/new). --- ## Storage and CDNs Which Content Delivery Network (CDN) does Cloudinary use? Though it's a common misconception, Cloudinary is not a CDN. On the first request of any Cloudinary URL, Cloudinary optimizes and transforms the requested image or video on our servers. The generated media asset is then cached and served via globally available, leading CDNs such as Akamai, Fastly, or Cloudflare. * On free and self-serve plans, Cloudinary selects the CDN that delivers your assets. * Customers on an [Enterprise plan](https://cloudinary.com/pricing) can take advantage of Cloudinary's [multi-CDN solution](advanced_url_delivery_options#multi_cdn_solutions), which uses real-time data to automatically select the best performing or most appropriate of the supported CDN services for every user request. * Customers on an [Enterprise plan](https://cloudinary.com/pricing) can also optionally put a CDN or caching layer in front of Cloudinary. --- Where are my uploaded assets stored? Can I keep uploading to my own storage bucket? Once uploaded to Cloudinary, your assets are safely stored on Cloudinary’s cloud storage, powered by Amazon S3 or Google Cloud, with multiple backups and multi-region redundancies. #### Asset Backup You can also choose to automatically [back up your assets](backups_and_version_management). This enables you to restore old versions of an asset after overwriting it with newer ones. * On the Free plan, your backups will also be stored by Cloudinary and will count against your Cloudinary storage credits. Alternatively, you can use the [Get resources](admin_api#get_resources) API method to return a listing of all assets and then write a script to iterate through your existing assets and copy them to your own storage solution programmatically. * On any paid plan, you can optionally choose to back up your assets to your own storage bucket. Additionally, [Enterprise](https://cloudinary.com/pricing) customers can choose to store their Cloudinary original assets on their own cloud storage, managing redundancies and availability themselves. #### Data center locations By default, Cloudinary uses storage data centers in the US. [Enterprise](https://cloudinary.com/pricing) accounts can request storage in different geographical locations, such as [EU or AP data centers](admin_api#eu_or_ap_data_centers_and_endpoints_premium_feature), for regulatory reasons. #### Uploading to your own storage bucket To use Cloudinary's management, analysis, optimization, transformation and delivery features, your assets must be stored with Cloudinary. However, if you already have production code that uploads to another location and you want to continue that process and keep your originals in that storage bucket (in addition to storing in and delivering from Cloudinary), you can take advantage of the [auto-upload](migration#lazy_migration_with_auto_upload) feature, which enables you to map between remote locations (including storage buckets) and Cloudinary folders, and then automatically upload assets to the defined Cloudinary folder path from the corresponding remote location, the first time a new asset is delivered. Note that if the bucket isn't public, you'll need to [allowlist](upload_parameters#upload_from_a_private_storage_url) it. --- Can I host any type of content on Cloudinary? Yes. Cloudinary's features are primarily focused on management, transformations, optimization and delivery of all kinds of image, video, and audio files, but you can also upload or deliver non-media files. In some cases, Cloudinary features use stored non-media files as part of generating new media content. For example, your image or video transformations may make use of or reference files such as custom font files, video subtitle files, JSON or JS files. You can also upload any other type of document or file to Cloudinary as [raw](upload_parameters#uploading_non_media_files_as_raw_files) asset types and deliver them using Cloudinary URLs. These files will be delivered as exact copies of the original. > **INFO**: You cannot use Cloudinary to store or deliver illegal or highly controversial content. If you’re uncertain whether your files fall into this category, you may want to read our [Terms of Use](https://cloudinary.com/tou). You are also obligated to follow our CDN partners' acceptable use policies. --- What are some storage and cleanup best practices? Part of your monthly credits are used against your storage. If your required storage, in combination with your transformation and bandwidth usage, exceeds the allowance of your current plan, you can upgrade to a plan with more credits. However, there are steps you can take to make sure you are efficiently using your existing Cloudinary storage: * **Incoming transformations**: It's generally a good idea to upload high quality originals, even if you'll be delivering optimized versions in your site, but if you have images or videos that will always be delivered in small sizes or where high resolution display is not a priority, medium size or low resolution originals may be more than enough. In these cases, you can apply [incoming transformations](eager_and_incoming_transformations#incoming_transforatmions) in order to automatically resize, convert to a more optimized format, or otherwise pre-transform your original asset as part of the upload process, before storing the asset. Many organizations also take advantage of incoming transformations to limit the resolution or filesize of [user-generated content](user_generated_content). * **Delete originals or derived (transformed and cached) assets that are no longer in use**: * If you have specific assets or sets of assets matching certain criteria that are no longer needed, you can take advantage of the [search method](search_method) to find those assets, and then use the [Delete](admin_api#delete_resources) or [Delete derived resources](admin_api#delete_derived_resources) method of the Admin API to delete either the assets or their derived resources. * You can also use the [Bulk Delete](https://console.cloudinary.com/app/settings/settings/bulk_delete/new) UI option in the Console Settings to delete all assets or just all derived assets based on the asset's created before a certain date, assets with a specified public ID prefix, or by tag. * [Enterprise](https://cloudinary.com/pricing) customers can additionally use the Bulk Delete UI or the [Last access reports](admin_api#resources_last_access_reports) API to generate a report of asset URLs that were last delivered before, after, or during any specified time range. You can then delete those assets or their derived. * **Fetch expiry policy**: If delivering [fetched](fetch_remote_images#fetch_and_deliver_remote_files) images or videos is a common use case, Cloudinary support can set up an expiry policy for your fetched content. This ensures that every fetched resource will have a defined life cycle after which it's either refreshed from the original source or removed from your account (you can determine the interval and the action to be taken). > **NOTE**: Because this option requires manual setup on our end, it's currently only available for paid plans. * **Avoid duplications**: Sometimes the identical (or nearly identical) image unintentionally gets uploaded more than once. You can use the [Duplicate Image Detection Add-on](cloudinary_duplicate_image_detection_addon) to determine whether the images you upload, or existing images in your account are identical, or similar above a threshold you define, to other existing assets. Those assets are automatically set to a 'rejected' moderation status, enabling you to review them or programmatically delete them. --- ## Asset management and delivery basics Where do I find my account credentials? If you're a user with a **Master admin**, **Admin**, or **Technical admin** role, you can find your API keys and other credentials on the [API Keys](https://console.cloudinary.com/app/settings/api-keys) page of the Cloudinary Console Settings: ![Cloudinary API keys and credentials](https://cloudinary-res.cloudinary.com/image/upload/q_auto/f_auto/bo_1px_solid_grey/docs/api_key_credentials_settings.png "thumb: dpr_2,w_650, with_code:false, with_url:false, width:650, popup:true") > **TIP**: > > :title=Tips: > * Watch a [video tutorial](finding_your_credentials_tutorial) on how to find and work with your Cloudinary credentials > * The initial creator of a new account becomes the [root user](user_provisioning#root_user) with full account access. If you have multiple users in your account, there must always be at least one user with the **Master admin** role. For more details, see [Role-based permissions](dam_admin_users_groups#role_based_permissions). These credentials include your: * **Cloud Name**: The product environment identifier. Required for configuring front-end SDKs and included as an identifer in all media asset URLs delivered from Cloudinary. * **API Key** and **API Secret**: Needed to configure backend [SDKs](cloudinary_sdks) or to directly run [REST API requests](cloudinary_references). * **API environment variable**: A string that combines all three credential values. Copy the **API environment variable** format from the [API Keys](https://console.cloudinary.com/app/settings/api-keys) page of the Cloudinary Console Settings. Replace`` and `` with your actual values, while your cloud name is already correctly included in the format. If you need only your cloud name, such as for configuring a frontend SDK, you can find that on the [Dashboard](https://console.cloudinary.com/app/home/dashboard). > **INFO**: > > :multi-line > * You use your **cloud name** and **API key** for enabling or configuring a variety of Cloudinary features. As mentioned above, your cloud name is also a part of every media asset URL you deliver from Cloudinary. There's no problem to expose these values in client-side code. > * You use your **API secret** for authentication. You should **never** expose Your API secret in client-side code or in any other way outside your organization. > * Your cloud name, API key, and API secret are all specific to a [product environment](solution_overview#what_39_s_a_product_environment). Free accounts have only one product environment. Paid accounts can have multiple product environments that you can use for things such as production and staging environments, or you might have different product environments to parallel different products, websites, organizations, geographies, or apps that you use with Cloudinary. #### Managing product environment API keys You can manage your API keys in the [API Keys](https://console.cloudinary.com/app/settings/api-keys) page of the Console Settings, including adding, activating, disabling, and naming API keys. > **NOTE**: Cloudinary is developing a new role-based permissions system that will provide more flexible and comprehensive control over API key permissions. This will enable you to configure specific permissions for individual API keys, controlling access to Upload and Admin API methods. This feature isn't yet available for production use. If you're interested in trying this solution in a test environment, contact your Customer Success Manager or [support](https://support.cloudinary.com/hc/en-us/requests/new) to learn more. #### Managing API keys with the Provisioning API [Enterprise](https://cloudinary.com/pricing) accounts that have the [Provisioning API](provisioning_api) enabled can use it to programmatically create and manage API keys using the `access_keys` endpoint and product environments using the `subaccounts` endpoint, as well as users and user groups. To use the Provisioning API, you need a dedicated API key. If your account includes support for the Provisioning API, you can find your credentials in the [Account Management Keys](https://console.cloudinary.com/app/settings/account-api-keys) page of the Cloudinary Console Settings. --- How do I migrate all my existing images and videos to Cloudinary? If you already have a collection with many media assets already uploaded and stored somewhere, you have a few options to migrate your existing assets to your Cloudinary product environment. For more details and considerations on migrating your assets to Cloudinary, see the [Migration guide](migration). #### Lazy migration Migrate assets on demand from a remote location using [Auto Upload](migration#lazy_migration_with_auto_upload), where migration is carried out only when the resource is requested by a visitor. The auto-upload feature is implemented by mapping a base remote URL to a specified folder prefix in your Cloudinary product environment. Then, whenever accessing a Cloudinary delivery URL containing the folder prefix, the media assets are automatically retrieved from the mapped URL if they are not already uploaded to the folder. After an asset has been auto-uploaded from the remote location, all requests for the asset will reference the asset stored in your Cloudinary product environment. #### Direct migration Direct migration is a one-time migration based on the [upload method of the Upload API](upload_images) for migrating all existing resources in one phase. Cloudinary provides a secure and comprehensive API for easily uploading media files from server-side code, directly from the browser or from a mobile application. Using Cloudinary's upload capabilities, you can upload media assets in bulk with a variety of options for customizing how they will be uploaded, including naming, whether to apply manually specified or automatically generated tags and metadata, whether to apply incoming transformations or other AI-based analysis of the uploaded assets, and much more. You can upload local files, or even specify a remote URL or bucket as the source for your upload calls, so there's no need to download files locally before uploading to Cloudinary. For a comprehensive overview of all the options for uploading to Cloudinary, see [Uploading assets](upload_images#upload_overview). #### Cloudinary CLI migration The [Cloudinary CLI](cloudinary_cli) (Command Line Interface) enables you to interact with Cloudinary through the command line, allowing you to perform Upload API operations by typing commands into a terminal without having to spend time setting up a formal coding environment. Additional helper commands are provided to help you migrate your files over to Cloudinary with minimal effort. You can also combine CLI commands in a batch file to automate the task. Especially useful are the following commands: * [migrate](cloudinary_cli#migrate) - migrates a list of external assets to Cloudinary. The URLs of the files to migrate are listed in a separate file and must all have the same prefix. * [sync](cloudinary_cli#sync) - synchronizes between a local folder and a Cloudinary folder, maintaining the folder structure. * [upload_dir](cloudinary_cli#upload_dir) - uploads a folder of assets, maintaining the folder structure. > **TIP**: See the Cloudinary training course on [migrating media assets](https://training.cloudinary.com/learn/course/migrating-media-assets-using-cloudinary-sdks-and-add-ons-50-minute-workshop). --- How do I deliver the most optimized assets? Optimizing assets for delivery means reducing the file size of the assets to ensure fast delivery to your end users. You can reduce the file size by: * Delivering assets at the dimensions at which they need to be displayed * Choosing the best format for each asset according to the user's browser * Compressing or encoding the asset enough to reduce the file size without impacting the visual quality When not applying any transformation, Cloudinary delivers the asset as is (unoptimized). If you apply any transformation to your assets (e.g. width, height, etc), Cloudinary automatically applies certain [default image optimizations](image_optimization#default_optimizations) and [default video optimizations](video_optimization#default_optimizations). You can apply transformations to your delivery URLs to optimize the [format](transformation_reference#f_auto) and [quality](transformation_reference#q_auto) of your delivered assets automatically. You can also employ [responsive image resizing](responsive_images) to deliver the most appropriate image size for the user's viewing device, or specifically set dimensions to resize or crop your [images](resizing_and_cropping) and [videos](video_resizing_and_cropping). Start by looking at the [best practices](media_optimization#best_practices) for image and video optimization, and learn more in our dedicated guides for [image optimization](image_optimization), [video optimization](video_optimization) and [audio optimization](audio_optimization). --- Why is an old image/video still showing in my site after I replaced it with a new one? When you overwrite an existing asset with a new file that has the same public ID, your Cloudinary account is updated with the new file. The first time you request a specific URL for that asset, it will be generated using the latest version of the image or video. However, if a specific URL using that asset was already in use in your application or website, you may still see a CDN cached version of the previous version instead of the new, updated media asset. It's also possible that your browser or another third-party cache has stored the previous file generated from the URL and is still showing it to you. To successfully display the new asset to your users for an existing URL transformation, you can use one of two methods: * **Invalidate CDN cache**: Use the `invalidate` parameter during an `upload` or `explicit` API call to clear any cache for the overwritten asset on the CDN. This parameter is sent automatically if you replace an asset using the Console Media Library. For details, see [Upload API documentation](invalidate_cached_media_assets_on_the_cdn). * **Bypass browser and other caches**: Use the optional [version](image_transformations#asset_versions) component as part of your asset delivery URLs to ensure the latest version is always delivered. You can retrieve the asset version from the upload response and then apply it to all transformations in your app that use that asset. --- What special operations and analyses can I perform on assets while uploading? When you upload an asset to your product environment you can set [various parameters](image_upload_api_reference#upload_optional_parameters) to control where and how it's saved in your product environment, apply tags and metadata, request analyses and moderation through various add-ons, apply transformations and more. Examples include: * [Eagerly generating transformations on upload](eager_and_incoming_transformations#eager_transformations): Generate transformed assets during the upload call so that those transformations will already be available for delivery before your users access them for the first time. These transformations are generated in addition to storing the original asset as is. This is especially useful for transformations that can take a while to generate. * [Transforming assets on upload](eager_and_incoming_transformations#incoming_transformations): Transform the original asset before storing it in Cloudinary. This can be useful for example to limit images to a maximum resolution or videos to a maximum duration. * [Image quality analysis](image_quality_analysis): Determine the quality of images being uploaded to your product environment, particularly for [user-generated content](user_generated_content). * [Image accessibility analysis](accessibility_analysis): Choose the best images for people with color blindness by analyzing your images for accessibility. * [Moderating assets](moderate_assets#moderation_of_uploaded_assets): Ensure that inappropriate or dangerous content is not being uploaded to your account, and that all your assets meet your requirements using our various moderation add-ons. * [Evaluating and modifying upload parameters](upload_parameters#eval_modify_upload_options_before_upload): Conditionally add tags or metadata based on properties of your images or videos by evaluating criteria on upload. > **NOTE**: You can use [upload presets](upload_presets) to save a particular upload configuration that you can use to upload assets without having to set the same parameters each time. Learn more in our [upload guide](upload_images) and take a look at some video tutorials on [uploading assets programmatically](programmatic_upload_tutorials). --- ## Account and asset security How do I control which users access my Cloudinary account and what they can do? Cloudinary offers multiple methods to ensure that only authorized users can access and manage the various assets and functionalities: * **Roles & permissions**: Each user in your Cloudinary account is assigned a [role](dam_admin_users_groups#role_based_permissions) that determines their allowed operations, access to Console sections, and control over settings. For example, a Master admin has comprehensive access to Cloudinary credentials, Console Settings, user management, billing, upgrades, and all assets. In contrast, a Media Library user is limited to accessing media assets within their folder permissions. * **Folder permissions**: By assigning permissions on [folders](dam_admin_users_groups#access_permissions_to_assets_via_folder_sharing) (and their contents), you can regulate access for selected Media Library users or user groups. This allows you to grant varying levels of access permissions, from full management control to view-only. You can also can prevent specific Media Library users or user groups from accessing a folder's contents by not sharing that folder with them. * **Two-factor authorization/SAML login**: Cloudinary provides two-factor authentication (TFA) and [Security Assertion Markup Language (SAML)](saml_sso#configure_saml_sso_in_cloudinary) login options. TFA adds an extra layer of security, requiring additional verification during login. SAML login allows authentication through your organization's identity provider, such as Okta, Azure AD, OneLogin, etc. Configure these options on the [User Management](https://console.cloudinary.com/app/settings/user-management) page of the Console Settings. [Enterprise](https://cloudinary.com/pricing#pricing-enterprise) customers can also utilize [SAML provisioning](saml_sso#saml_provisioning), which allows you to create and manage users through your organizations identity provider, eliminating the need to pre-create the users in Cloudinary. * **Allowed Admin API/Console IP addresses**: You can restrict access to the Admin API and Console based on specific IP addresses. Configure this setting to limit account access to authorized IPs. Access this configuration on the [Security](https://console.cloudinary.com/app/settings/security) page of the Console Settings. --- What security measures are available to prevent misuse of my account? Cloudinary offers a large variety of settings and features that help you prevent misuse of your account and assets. #### Security settings in the Console When considering account security, you'll probably want to start by checking out the options in the **Security** tab of the Console settings. Keep in mind that these settings are at the product environment level, and should be reviewed for every product environment in your account. * **Strict transformations**: Prevents people from freely generating transformations on-the-fly that could count against your account's transformation quota. When this option is turned on, only signed transformations, pre-generated **eager** transformations, or those specifically set as allowed, either programmatically or in the Console, can be delivered. You can also optionally define specific domains that are allowed to generate unsigned on-the-fly transformations that can be delivered even when the strict transformations option is turned on. [Learn more about strict transformations](control_access_to_media#strict_transformations). * **Restricted media types**: Similar to strict transformations, but restricts on-the-fly delivery of specific features that might sometimes be misused. Like strict transformations, if you select any of these features or [delivery types](image_transformations#delivery_types), then those types of URLs can be delivered only as signed URLs or if they are pre-generated as **eager** transformations. * **Allowed fetch domains**: As an additional protection against people using your account to transform and deliver assets that are fetched from remote locations, you can define specific domains and sub-domains from which fetched assets can be delivered. If you don't mark **Fetched URL** as a globally restricted media type (using the option above), then it's a good idea to list the specific domains from which your product environment can deliver fetched media. [Learn more about delivering fetched media](fetch_remote_images#fetch_and_deliver_remote_files). * **Add-on transformations**: By default, all transformations that use add-ons must be signed. This prevents unauthorized users from using your add-on quotas. It's usually recommended to keep this default setting. If this is not a concern, or if you want to temporarily simplify generating add-on transformations while experimenting for example, you can allow generating unsigned add-on transformations by selecting the specific add-ons you want to allow. [Learn more about Cloudinary add-ons](cloudinary_add_ons). * **Usage of tags/context/structured metadata in transformation URLs**: By default this is allowed and enables you to do things like creating URLs with [conditions](conditional_transformations) or [user-defined variables](user_defined_variables) based on an asset's stored metadata. However, that means the values of metadata stored with your assets can be exposed in the URL. If you have sensitive information stored in those metadata fields, you may want to disable this option. * **PDF and ZIP file delivery**: While Cloudinary offers a variety of valuable [PDF](paged_and_layered_media#delivering_content_from_pdf_files) and [archive](image_upload_api_reference#generate_archive)-related features, it's also important to keep in mind that PDF and ZIP (or other archived) files can potentially contain malicious content. If you aren't actively using Cloudinary's PDF or archive delivery capabilities, you can block this option to help ensure that these types of malicious content can't be delivered from your account. This option is disabled by default for free accounts. * **Allowed Admin API and Console IP addresses**: You can restrict the set of allowed IP addresses from which Admin API calls can be made or from which a user can log into the Cloudinary Console. #### Other security options In addition to the security settings mentioned above, you can also take advantage of the security features below: * **Authenticated/signed uploads**: Uses a backend-generated signature based on your product environment API key, API secret, the specific upload parameters, and a timestamp to authenticate each uploaded asset. [Learn more about authenticated requests](upload_images#authenticated_requests). * **Moderation and malware detection add-ons**: Cloudinary offers a set of moderation and malware add-ons that enable you to programmatically detect assets that contain unacceptable or dangerous content and potentially block them from being delivered and/or implement any other special handling of such cases. This is especially valuable for [user-generated content](user_generated_content). Each asset that's evaluated by one or more of these add-ons are assigned an approved, pending, or rejected moderation status, enabling programmatic handling and/or for your teams to optionally manually review or override the programmatically assigned status. [Learn more about our protection-category add-ons](cloudinary_add_ons). * **Response and notification signatures**: Every API and webhook response includes a signature. You can set up your backend app to validate [notification](notification_signatures) or [response](response_signatures) signatures before using them. * **Incoming transformations**: You can take advantage of incoming transformations to ensure that [user-generated content](user_generated_content) meets required standards, such as resizing files that exceed predefined file sizes or resolutions. This can ensure that your user-generated content doesn't waste your storage quota. [Learn more about incoming transformations](eager_and_incoming_transformations#incoming_transformations). * **ACL Blocklisting or Allowlisting delivered assets**: Paid plans can submit a support request to either block or allow access to delivered assets by things such as Domain, IP, Country code, Path, User-Agent, Referer, and Content Type (Mime Type). [Learn more about access control listings](control_access_to_media#product_environment_access_control_list_premium_feature). * **IP address masking for privacy compliance**: Cloudinary can enable IP address masking to prevent end user IP addresses from being passed to Cloudinary in CDN logs, helping demonstrate compliance with various security and data protection standards. This feature is available on request. [Learn more about IP masking](solution_overview#ip_address_masking). --- How can I control who has access to sensitive media assets? Cloudinary offers a variety of settings and features that help you control who can access your media assets. You can use randomly generated public IDs for your assets, which makes it harder for end users to guess your media URLs, but you may want more formal ways to control who can access your media files and when. Cloudinary offers the following [Media access methods](control_access_to_media): * [Private media assets](control_access_to_media#private_media_assets) and [Authenticated media assets](control_access_to_media#authenticated_media_assets) are only accessible by a [signed delivery URL](control_access_to_media#enforcement_mechanism_signed_delivery_urls) that has its signature validated before making the asset available for view. * [Access controlled media assets](control_access_to_media#access_controlled_media_assets) can be restricted so that they can only be viewed with an access token, except during an optional time-limited date range when the asset is defined as publicly accessible. * [Token-based access (premium feature)](control_access_to_media#token_based_access_premium_feature) - Assets can be restricted so that even if someone has the delivery URL they still need a token to access the asset. Tokens can be restricted to a specific time frame, IP address, a specific pattern ACL (Access Control List) or even a specific user (session cookie). * [Allowlisting or blocklisting access to your product environment's assets (premium feature)](control_access_to_media#product_environment_access_control_list_premium_feature) - Submit a request to the Cloudinary support team with a list of ACLs to allow/block. --- ## Account usage and monitoring How can I track my credit usage? The best way to track your credit usage is in the **Dashboard** of your Cloudinary Console. There you can see how many credits you've used in the past 30 days as well as the breakdown of that usage into transformations, bandwidth, and storage. * **Overall account usage**: ![Plan Current Usage](https://cloudinary-res.cloudinary.com/image/upload/q_auto/f_auto/v1687696568/docs/PM/dashboard_usage.png "thumb:w_600,dpr_2, width:600, with_url:false, with_code:false") * **Breakdown across your entire account**: ![Usage Overview - All](https://cloudinary-res.cloudinary.com/image/upload/f_auto/q_auto/v1672584402/docs/PM/dashboard_overview_all.png "thumb:w_600,dpr_2, width:600, with_url:false, with_code:false") * **Breakdown for the currently selected product environment**: ![Usage Overview - Product Environment](https://cloudinary-res.cloudinary.com/image/upload/f_auto/q_auto/v1672584402/docs/PM/dashboard_overview_prodenv.png "thumb:w_600,dpr_2, width:600, with_url:false, with_code:false") You may also want to take a look at the **Reports** section of the Console to understand more about how you are using your credits and whether you can optimize your upload, storage, or delivery implementations to make your credit usage more efficient. For more details on account usage and reports, see [Account usage data](programmable_media_asset_usage_data). --- {collapsed:title=Aside from credits, what other usage allowances should I be aware of? } In addition to the number of credits you have for your account, there are a number of other account and usage allowances you should consider. These allowances differ depending on your plan. The usage allowances include things like: * Hourly requests allowed for the rate-limited Admin API * Max number of users and product environments * Max storage and transformation file size/resolution for images, videos, and raw files. The maximum allowances available for your account are listed in the **Usage limits** section on the right side of the [Account](https://console.cloudinary.com/app/settings/account) page in your Console Settings. If you've registered for any [add-ons](cloudinary_add_ons), each add-on has its own quota, and you should make sure you keep an eye on your usage of those as well, to be sure your production features that use these add-ons will work smoothly throughout the month. You can check your add-on subscriptions and usage in the [Add-ons](https://console.cloudinary.com/app/settings/addons) page. Note that, in contrast to credits, which are evaluated on a rolling 30-day basis, your add-on quota resets each month on your billing date. You can also programmatically retrieve the max limits and the current usage of the allowances described above, including add-on quotas, with the [usage](admin_api#usage) method of the Admin API. --- {/collapsed} What kinds of usage reports does Cloudinary offer? You can view a variety of information and metrics about your usage by looking at your various reports available in the **[Home](https://console.cloudinary.com/app/home)** section of the Cloudinary Console. The following reports are available: * **[Delivery Reports](https://console.cloudinary.com/app/home/delivery-reports)**: Includes usage details that can help you to analyze how your users are interacting with your published assets. You can see metrics on requests, bandwidth, top transformations and assets, resource types and formats, browsers and referrers, as well as geographical information. * **[Error Reports](https://console.cloudinary.com/app/home/error-reports)**: Details any errors that have occurred when delivering your assets and allows you to filter them by error code. ![Sample reports graph](https://cloudinary-res.cloudinary.com/image/upload/bo_1px_solid_gray/f_auto/q_auto/docs/reports_graph.png "thumb: w_600,dpr_2, width:600, with_code:false, with_url:false") You can also view plan and asset usage data from the **Dashboard** of your Cloudinary Console and get detailed video reports from the **[Video Analytics](https://console.cloudinary.com/app/video/analytics)** page. For a comprehensive overview of all the available reports and usage, see [account usage data](programmable_media_asset_usage_data). --- How can I monitor account and service availability? Thanks to a variety of backup mechanisms, downtime or other incidents that impact our service are quite rare. Any system incidents that do occur are published on [https://status.cloudinary.com/](https://status.cloudinary.com/) along with updates and the resolution of each incident. You can also subscribe to get email notifications whenever Cloudinary publishes, updates or resolves an incident. Additionally, you can verify the availability of our API servers programmatically via the [ping](admin_api#ping) endpoint. ---