Authenticating API requests
To protect your account usage all API requests must be authenticated. The API supports two authentication methods, one for server to server requests and the other for direct requests from mobile apps or websites.
https://APPID.thumbapis.com/1/thumb?PARAM=VALUE&...&token=YOUR TOKEN
Requests authenticated using your token can use any params and request any object. It is highly important you keep it private and don't use it for direct client requests from mobile apps and websites!
Use token authentication when you make requests from your server, you can get your account token in the Management Console.
https://[APPID].thumbapis.com/1/thumb?PARAM=VALUE&...&stoken=SIGNED HASH
Requests authenticated using signed hash can use only the signed params. You will need to generate the signature for each unique request.
The signed hash is the md5 hash of the entire query string and your secret, you can get your secret in the Management Console.

function thumbURL($querystring) {
	$appid = "XXXXXXXXX"; 	// Your App ID
	$secret = "XXXXXXXXX";	// Your seceret
	$surl = sprintf("https://%s.thumbapis.com/1/thumb/?%s&stoken=%s",
	return $surl;
// Example Usage
echo $url;
// Output: https://XXXXXXXXX.thumbapis.com/1/thumb/?src=https://thumbapis.s3.amazonaws.com/examples/sf-golden-gate.jpg&size=400,400&round=5&stoken=5ffcc657df02aae12559cbed47f8715e