ClawHub

HTMLPix API

v0.1.3

Use when the user wants to call, test, or integrate the HTMLPix HTML-to-image API — including auth setup, signed URL minting, image rendering, template CRUD,...

0· 365·1 current·1 all-time
byjyma@jymaa
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the SKILL.md: the document is an API contract for HTMLPix HTML-to-image operations (minting signed URLs, template CRUD, rendering). The skill requests no binaries, env vars, or installs — appropriate for an instruction-only API helper.
Instruction Scope
SKILL.md contains only API endpoint contracts, auth flow description, error codes, and usage guidance for generating code/curl/SDK calls. It does not instruct the agent to read unrelated files, access system config, exfiltrate data, or call unexpected external endpoints. It explicitly warns not to call private endpoints from client-side/browser code.
Install Mechanism
There is no install spec (instruction-only). No downloads or extracts occur and no code is written to disk, which is lowest-risk for install mechanisms.
Credentials
The manifest declares no required env vars or credentials. The SKILL.md describes the API's own Authorization header and API key format (hpx_...), which is expected for an API reference—there is no attempt to collect unrelated secrets or request platform credentials.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent system-wide presence or attempt to modify other skills or agent config. Autonomous invocation is allowed (platform default) but the skill content is read-only API docs.
Assessment
This skill is essentially documentation for the HTMLPix API and appears coherent and low-risk. Before using it: (1) verify the API base URL and endpoint details against official HTMLPix docs (skill source/homepage is unknown), (2) never paste your real API keys into chat—keep keys in your app environment and use the skill to generate example code or server-side integration patterns, and (3) be cautious if the agent generates runnable code that embeds credentials; replace placeholders with secure environment-variable access in production.

Like a lobster shell, security has layers — review code before you run it.

latestvk972j3tpxjs41m94shbh3he8vh82ws1b
365downloads
0stars
4versions
Updated 1mo ago
v0.1.3
MIT-0
jyma@jymaa
latest
Download

HTMLPix API Skill

Use the API contracts below when generating code, curl commands, SDK wrappers, or troubleshooting responses.

Base URL and Auth

  • API Base URL: https://api.htmlpix.com
  • Private endpoints require: Authorization: Bearer <API_KEY>
  • API keys are prefixed hpx_ and managed at https://htmlpix.com/api-keys
  • Do not call private endpoints from browser client code; mint URLs on the backend.

Authentication Flow

Every private request goes through this pipeline:

  1. Extract Authorization: Bearer <key> header
  2. Hash the key with SHA-256, look up by hash in the apiKeys table
  3. Verify key status is active (otherwise 403 KEY_INACTIVE)
  4. Query the user's subscription status from quotas table
  5. Subscription must be active, trialing, or canceled with time remaining

Error Codes

StatusCodeMeaning
401MISSING_API_KEYNo Authorization: Bearer header
401INVALID_API_KEYKey not found
403KEY_INACTIVEKey revoked or disabled
402NO_SUBSCRIPTIONNo quota record found
402SUBSCRIPTION_INACTIVESubscription expired or past_due
429QUOTA_EXCEEDEDMonthly mint quota exhausted

Endpoint Contracts

POST /v1/url (private)

Mint one signed image URL. The server resolves template variables, executes the template JSX, uploads the rendered VNode to Cloudflare R2/KV, and returns a signed URL pointing to the Cloudflare Worker that renders the final image.

Request JSON:

FieldTypeRequiredConstraints
templateIdstringyesmax 128 chars
widthintegerno1–4096, defaults to template value or 1200
heightintegerno1–4096, defaults to template value or 630
formatstringnopng, jpeg, or webp — defaults to template value or webp
qualityintegerno0–100, defaults to template value
devicePixelRationumbernopositive number, defaults to template value or 1
tvstringnomax 128 chars, cache-busting version tag — defaults to template updatedAt
variablesobjectnomax 64 keys, key max 64 chars, each value max 4000 chars serialized. Values can be string, number, boolean, null, array, or nested object.

Response 200:

{ "url": "https://image.htmlpix.com/v1/image?...&sig=...", "expiresAt": 1710345600000 }

Operational limits:

  • Body size max: 32 KB
  • Rate: 120 mint requests per 60s per API key
  • Concurrency: 4 in-flight per user
  • URLs expire after ~5 years by default

POST /v1/urls (private)

Mint multiple signed image URLs in one request.

Request JSON:

{ "items": [ /* each item has same shape as POST /v1/url */ ] }
  • items.length must be 1–25

Response 200:

{ "urls": [{ "templateId": "...", "url": "...", "expiresAt": 1710345600000 }] }

Operational limits:

  • Body size max: 256 KB

GET /v1/image (public, signed — served by Cloudflare Worker)

Requests to api.htmlpix.com/v1/image are 301-redirected to the Cloudflare Worker at image.htmlpix.com/v1/image. The Worker renders the image from VNode data stored in R2/KV.

Required query params:

ParamDescription
templateIdTemplate identifier
uidUser ID that minted the URL
expExpiry timestamp (unix ms)
sigHMAC signature — invalidated if any param changes

Optional query params:

ParamDefaultDescription
width1200Image width
height630Image height
formatwebppng, jpeg, or webp
quality0–100
dprDevice pixel ratio
tvCache version tag
rvRender version
v_<name>Template variables as v_title=Hello

Behavior:

  • 403 URL_EXPIRED — URL past expiry
  • 403 INVALID_SIGNATURE — params modified after signing
  • Returns image bytes with immutable caching headers and ETag
  • Supports 304 Not Modified via If-None-Match

Important: treat minted URLs as opaque. If any query value changes, signature validation fails.

GET /v1/templates (private)

List templates visible to the authenticated user.

Query params:

ParamDefaultValues
scopeallall, mine, starter

Response 200:

{ "templates": [ /* template objects */ ] }

POST /v1/templates (private)

Create a custom template. Templates are defined by a single code field containing JSX/TSX source code. The server compiles, validates, and extracts variables automatically.

Request JSON:

FieldTypeRequiredConstraints
namestringyesmax 120 chars
descriptionstringnomax 2000 chars
codestringyesmax 180,000 chars — JSX/TSX template source

Legacy fields jsx, variables, googleFonts, width, height, format are rejected with error code LEGACY_TEMPLATE_PAYLOAD. Use code only.

Response 201:

{ "templateId": "abc123..." }

Error responses:

  • 400 COMPILE_ERROR — JSX compilation or validation failed
  • 400 LEGACY_TEMPLATE_PAYLOAD — sent a deprecated field

GET /v1/templates/:templateId (private)

Fetch one template visible to the caller.

Response 200:

{ "template": { /* template object */ } }
  • 404 TEMPLATE_NOT_FOUND if not visible to caller

PATCH /v1/templates/:templateId (private)

Update template fields. At least one field required.

Request JSON:

FieldTypeRequiredConstraints
namestringnomax 120 chars
descriptionstringnomax 2000 chars
codestringnomax 180,000 chars — JSX/TSX template source

Legacy fields jsx, variables, googleFonts, width, height, format are rejected.

Response 200:

{ "templateId": "abc123..." }

Error responses:

  • 400 EMPTY_UPDATE — no updatable field provided
  • 400 COMPILE_ERROR — JSX compilation failed
  • 404 TEMPLATE_NOT_FOUND — template doesn't exist or not owned by caller

POST /v1/templates/generate (private)

AI-assisted template generation. Always uses batch format.

Request JSON:

{
  "items": [
    { "prompt": "A social card with bold title and gradient background", "width": 1200, "height": 630 }
  ]
}
FieldTypeRequiredConstraints
itemsarrayyes1–5 items
items[].promptstringyesmax 2000 chars
items[].widthintegerno1–4096, default 1200
items[].heightintegerno1–4096, default 630

Response 200:

{
  "results": [
    { "ok": true, "result": { /* generated template data */ } },
    { "ok": false, "error": "error message" }
  ]
}

Each item settles independently — some may succeed while others fail.

Error responses:

  • 429 QUOTA_EXCEEDED — AI generation quota hit
  • 402 SUBSCRIPTION_REQUIRED — paid plan needed
  • 422 PARSE_FAILED — AI output couldn't be parsed
  • 502 AI_NOT_CONFIGURED — AI provider not set up
  • 502 GENERATION_FAILED — generic AI failure

Safe Integration Pattern

  1. Keep API key server-side only.
  2. Mint with POST /v1/url or /v1/urls on your backend.
  3. Store/embed the returned url directly (meta tags, email HTML, social cards, etc.).
  4. Do not re-sign or mutate query params client-side.
  5. Handle 402, 429, and 503 with retries/fallback messaging.

Minimal Examples

# Mint a single image URL
curl -X POST https://api.htmlpix.com/v1/url \
  -H "Authorization: Bearer $HTMLPIX_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "templateId": "tmpl_123",
    "variables": { "title": "Launch Day" },
    "width": 1200,
    "height": 630,
    "format": "png"
  }'

# List your templates
curl -X GET "https://api.htmlpix.com/v1/templates?scope=mine" \
  -H "Authorization: Bearer $HTMLPIX_API_KEY"

# Create a template from code
curl -X POST https://api.htmlpix.com/v1/templates \
  -H "Authorization: Bearer $HTMLPIX_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "My Social Card",
    "code": "export default function Template({ title }) {\n  return <div style={{ fontSize: 48 }}>{title}</div>\n}"
  }'

# AI-generate a template
curl -X POST https://api.htmlpix.com/v1/templates/generate \
  -H "Authorization: Bearer $HTMLPIX_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "items": [{ "prompt": "Minimalist blog post OG image with title and author" }]
  }'

If the user asks for an endpoint not listed above, say it is not present in the current server route table and avoid inventing routes.

Comments

Loading comments...