Raviteja Nekkalapu

Posted on Dec 20

How to Test Image Rebuilding API: A Step-by-Step Guide

#webdev #javascript #security #api

A beginner-friendly walkthrough for testing image security APIs on RapidAPI

Introduction

You've learned about image security threats like polyglot files, steganography, and metadata leaks. Now you want to test an image rebuilding solution to see if it actually works.

This guide walks you through testing any image CDR (Content Disarm & Reconstruction) API on RapidAPI's playground—no coding required.

What You'll Need

A web browser
An image file to test (any JPEG, PNG, GIF, or WebP)
5 minutes

That's it. No installation. No setup.

Step 1: Navigate to the API

Visit the Zero Trust API on RapidAPI.

You should see the API overview page with:

Description
Pricing tiers
Endpoints

Step 2: Subscribe to the Free Tier

Before you can test, you need an API key. RapidAPI handles this automatically.

2.1 Click "Subscribe"

You'll see the pricing section with four tiers:

Plan	Price	Requests/Month	Best For
Basic	Free	100	Testing & evaluation
Pro	$10/mo	5,000	Small projects
Ultra	$50/mo	50,000	Production apps
Mega	$100/mo	100,000	High-volume services

Click "Subscribe" on the Basic (free) tier to get started.

2.2 Authorize with RapidAPI

If you're not logged in, RapidAPI will ask you to sign in or create an account. You can use:

Email
Google
GitHub

Once subscribed, you'll have access to the API playground.

Step 3: Open the Playground

After subscribing, you'll see the endpoint listed in the left sidebar:

Endpoints
├── rebuildImage    ← Click this

Click on "rebuildImage" to open the endpoint details.

Step 4: Configure the Request

You'll see the playground interface with several tabs:

┌────────────────────────────────────────────────────────────────┐
│  App    Params    Headers(2)    Body    Authorizations         │
├────────────────────────────────────────────────────────────────┤

4.1 Check the "App" Tab

Make sure your application and API key are selected. RapidAPI auto-fills this for you.

App: default-application_xxxxx
X-RapidAPI-Key: 97d55cc...  ← Your key (auto-filled)
Request URL: rapidapi.com

4.2 Go to the "Body" Tab

Click the "Body" tab. This is where you'll upload your image.

┌────────────────────────────────────────────────────────────────┐
│  Media Type          Example Name                              │
│  ┌──────────────┐   ┌──────────────┐                          │
│  │ BINARY    ▼ │   │ New Example  │                          │
│  └──────────────┘   └──────────────┘                          │
├────────────────────────────────────────────────────────────────┤
│                                                                │
│  file                                                          │
│  ┌───────────────────────────────────────────────────┐        │
│  │              📤 Upload                            │        │
│  └───────────────────────────────────────────────────┘        │
│                                                                │
└────────────────────────────────────────────────────────────────┘

4.3 Select BINARY Media Type

Make sure "BINARY" is selected in the Media Type dropdown (not JSON).

Media Type: BINARY  ✓

4.4 Upload Your Test Image

Click the "Upload" button under the "file" field.

Select any image from your computer:

JPEG (.jpg, .jpeg)
PNG (.png)
GIF (.gif)
WebP (.webp)

For best testing, use an image you know has metadata:

A photo from your phone (contains GPS, camera info)
A screenshot with EXIF data
Any image downloaded from the internet

Step 5: Test the Endpoint

With your image uploaded, click the blue "Test Endpoint" button:

┌─────────────────────────┐
│  ⚡ Test Endpoint       │
└─────────────────────────┘

5.1 Wait for the Response

The API will process your image. This typically takes 1-3 seconds.

You'll see a loading indicator while it processes.

5.2 View the Results

After processing, the "Results" tab will show the response:

┌────────────────────────────────────────────────────────────────┐
│  Code Snippets    Example Responses    Results                 │
├────────────────────────────────────────────────────────────────┤
│                                                                │
│  Response: 200 OK                                              │
│                                                                │
│  Headers:                                                      │
│  ├── content-type: image/png                                   │
│  ├── content-disposition: attachment; filename="rebuilt.png"   │
│  ├── x-rebuilt-by: ZeroTrust-WASM                              │
│  └── content-length: 45678                                     │
│                                                                │
│  Body: [Binary Data - Download Available]                      │
│                                                                │
└────────────────────────────────────────────────────────────────┘

5.3 Download the Rebuilt Image

Click the download link to save your rebuilt image.

The output will be:

PNG format (regardless of input format)
No metadata (completely stripped)
Rebuilt from raw pixels (not the original container)

Step 6: Verify the Results

6.1 Compare File Sizes

The rebuilt file size will often differ from the original because:

Different format (PNG vs JPEG)
Different compression
All metadata removed

6.2 Check Response Headers

Look for these headers in the response:

Header	Meaning
`content-type: image/png`	Output is always PNG
`x-rebuilt-by: ZeroTrust-WASM`	Processed by the CDR engine
`content-disposition: attachment; filename="rebuilt.png"`	Safe filename

6.3 Use EXIF Tools to Verify

See our separate guide on using EXIF tools to compare input/output metadata.

Understanding the Response Codes

Code	Meaning	What to Do
200	Success	Your image was rebuilt successfully
400	Dimensions exceeded	Image is larger than 4096×4096 pixels
401	Unauthorized	Check your API key
413	File too large	Image exceeds 5MB limit
415	Unsupported format	Use JPEG, PNG, GIF, or WebP
422	Malformed file	File is corrupt or not a valid image
429	Rate limit	You've exceeded your quota

Troubleshooting

"Response is empty"

Make sure you selected BINARY as the Media Type, not JSON.

"401 Unauthorized"

Check that you've subscribed to a plan
Try refreshing the page
Make sure your API key is populated in the "App" tab

"415 Unsupported Format"

The API only accepts:

JPEG
PNG
GIF
WebP

Other formats (TIFF, BMP, SVG, etc.) are not supported.

"The upload button doesn't appear"

Make sure Media Type is set to BINARY
Try a different browser
Disable ad blockers

What Just Happened?

When you clicked "Test Endpoint," here's what occurred:

Your Image                      API Processing                    Output
┌─────────────┐                ┌─────────────────┐              ┌─────────────┐
│ photo.jpg   │                │ 1. Validate     │              │ rebuilt.png │
│             │                │ 2. Decode       │              │             │
│ - 2.4 MB    │ ──────────────▶│ 3. Extract      │─────────────▶│ - 1.8 MB    │
│ - GPS data  │                │    pixels only  │              │ - No GPS    │
│ - Camera    │                │ 4. Destroy      │              │ - No EXIF   │
│   info      │                │    original     │              │ - Pure PNG  │
│ - EXIF      │                │ 5. Rebuild PNG  │              │             │
└─────────────┘                └─────────────────┘              └─────────────┘

The input was completely deconstructed. Only the visual pixels were kept. A brand new, sterile PNG file was created from scratch.

Next Steps

Now that you've tested the API:

Verify the output using EXIF analysis tools (Verification guide - Image Metadata Removal in Action)
Integrate into your app using the code snippets provided in RapidAPI -
Test edge cases with different file types and sizes

DEV Community