FotoForensics permits developers to create interfaces into FotoForensics as long as they abide by the following conditions:
The first condition relates to acknowledgements. Developers must not take credit for work performed by FotoForensics. Users must be made aware that data, content, or analysis is coming from FotoForensics.
The next two conditions relate to Copyright Law. Images and text generated by FotoForensics can be used under Copyright's Fair Use clause. However, using the content to generate revenue -- directly, indirectly, or from ads -- violates Copyright and the Fair Use clause. In particular, many smartphone apps are ad-ware; they generate revenue by displaying third-party ads along with the app's content. If someone writes a smartphone app for FotoForensics, it must be a free app and must not be ad-based or sold for "$1 at the Apple Store". If you wish to create a profit-based front-end, you must contact Hacker Factor first. (Don't be surprised if Hacker Factor says "no" or requests a cut of the profits.)
The next condition concerns endorsements and support. Basically, don't use the FotoForesics or Hacker Factor's name, web site, logo, or related content to give the impression of an endorsement. Abiding by this API is not an endorsement.
The fifth condition concerns network and server loads. FotoForensics is intended as a research service and not a generic file-hosting site. While it usually can handle large floods (like those generated by Slashdot and Reddit), it is not intended for a single site or service to dominate the number of uploads. Automated uploads of dozens or hundreds of pictures is not permitted. We have specific filters that look for this type of abuse. We have currently blocked uploads from Google as well as other companies that attempted to upload hundreds of pictures. If you want to bulk upload pictures for analysis, contact Hacker Factor first.
The final condition ensures that your application does not suddenly break when FotoForensics performs an update.
The common API is intended for other web sites, applications, and browser plugins to link to Fotoforensics. In particular, your service should redirect users to this site and not proxy partial content.
FotoForensics does not support proxy services. In particular, FotoForensics does not permit pornography, nudity, or sexually explicit content. If your application redirects uploads to FotoForensics on behalf of users (e.g., you operate a proxy), then your service will be banned if any of your users submit prohibited content. (Trend Micro's content scanner has been banned for this reason; they uploaded porn on behalf of one of their users. Most Tor and open proxy nodes have also been banned for the same reason.) Whoever does the upload is responsible for ensuring that the content does not violate this policy.
FotoForensics supports both GET and POST operations for uploading content. Content can either be specified as a URL or uploaded file.
A sample upload by URL may look like:
GET /upload-url.php?plugin=SuperPlugin&pluginver=SuperPlugin-1.0&url=http://server/path/image.jpg HTTP/1.1
Uploading by a URL may result in access problems. In particular, some pictures may only be accessible after the user logs into a secure system. (E.g., private Facebook photos and restricted forums.) If the FotoForensics server cannot access the image, then nothing will be downloaded. You should never send a user's login credentials to FotoForensics.
POST /upload-file.php HTTP/1.1 Content-type: multipart/form-data; boundary=----------fotoforensics--1359146951293 Content-length: 7472 ------------fotoforensics--1A59146951293 Content-Disposition: form-data; name="plugin" SuperPlugin ------------fotoforensics--1A59146951293 Content-Disposition: form-data; name="pluginver" SuperPlugin-1.0 ------------fotoforensics--1A59146951293 Content-Disposition: form-data; name="FullPath" http://www.google.com/images/srpr/logo3w.png ------------fotoforensics--1A59146951293 Content-Disposition: form-data; name="file"; filename="logo3w.png" Content-Type: image/png [PNG data from logo3w.png] ------------fotoforensics--1A59146951293--
The filename in the final section may be just the name or an entire URL. A blank or static filename (e.g., using a hard-coded "foo.jpg" for every upload) is not permitted.
A successful POST should return a "302" redirect code and the "Location" header identifies the URL to the picture.
After submitting the image to FotoForensics, it is strongly recommended that your service return the full response page to the user. Web browser plugins should open a new tab. Web pages should direct the user to FotoForensics. Using inline tags or HTML parsing is not recommended because this site may be redesigned in the future.
The response will return an HTTP redirect (302 result code) to the results page. A redirect is used to prevent the browser's back button from performing a second upload. The HTTP redirect "Location" header points to the results page. The URL found in the Location header is the base URL for all of the results.
A typical results page displays the analysis image. However, some response pages are text or have prompts for the user. Text pages are typically provided to banned users. The prompts are typically related to requests for the user to confirm that the image content does not violate the site's content restrictions.
The type of response page is denoted in the HTML <title> field. The last word in the title identifies the result key.
The API does not currently have a means to return different result codes. If there is a specific requirement for this, please contact Hacker Factor. Be sure to specify details concerning how you intend to use the results and interface with FotoForensics.
After an image has been successfully uploaded, the analysis data can indexed using the image ID. The ID is the sha1 checksum of the uploaded picture and the length of the file. (Requiring both sha1 and length reduces the risk of a naming collision.) Pictures can be directly access using the following URL parameters:
id=sha1.length: Identifies the image
fmt=format: Identifies the return format. Current modes include 'orig' for the original image (png or jpeg), 'ela' for the error level analysis result (png), "estq" for the estimated last save JPEG quality (text), and "meta" for the extracted metadata (html for FotoForensic's CSS).
size=maxdimension: Scales the image to the maximum dimension. Arbitrary values are not permitted. The only supported values are 128, 256, 400, and 600. Scaled images will attempt to maintain the proper aspect ratio.
For example, the following GET query will return the ELA image scaled to fit within a 600x600 pixel area: