Accepted Input Formats

The Roboflow team has designed the inference server to be user-friendly and straightforward to integrate. We offer configuration options that allow users to disable potentially unsafe behaviors for production-ready deployments.

Deserialization of Pickled NumPy Objects

One of the ways to send requests to the inference server is via serialized numpy objects:

import cv2
import pickle
import requests

image = cv2.imread("...")
img_str = pickle.dumps(image)

infer_payload = {
    "model_id": "{project_id}/{model_version}",
    "image": {
        "type": "numpy",
        "value": img_str,
    },
    "api_key": "YOUR-API-KEY",
}

res = requests.post(
    "http://localhost:9001/infer/{task}",
    json=infer_payload,
)

Starting from version v0.14.0, deserialization of this type of payload is disabled by default. However, you can enable it by setting an environmental variable, ALLOW_NUMPY_INPUT=True. This option is not available in Roboflow's Hosted Inference API.

Warning

Roboflow advises all users hosting the inference server in production environments not to enable this option if the server is open to requests from the open Internet or is not locked down to accept only authenticated requests from your workspace's API key.

Sending URLs to Inference Images

Making GET requests to obtain images from URLs can expose the server to server-side request forgery (SSRF) attacks. However, it is also very convenient to simply provide an image URL for requests:

import requests

infer_payload = {
    "model_id": "{project_id}/{model_version}",
    "image": {
        "type": "numpy",
        "value": "https://some.com/image.jpg",
    },
    "api_key": "YOUR-API-KEY",
}

res = requests.post(
    "http://localhost:9001/infer/{task}",
    json=infer_payload,
)

This option is enabled by default, but we recommend configuring the server to enhance security using one or more of the following environment variables:

ALLOW_URL_INPUT — Set to False to disable image URLs of any kind from being accepted by the server. Default: True.
ALLOW_NON_HTTPS_URL_INPUT — Set to False to only allow HTTPS protocol in URLs (useful to make sure domain names are not maliciously resolved). Default: False.
ALLOW_URL_INPUT_WITHOUT_FQDN — Set to False to enforce URLs with fully qualified domain names only and reject URLs based on IPs. Default: False.
WHITELISTED_DESTINATIONS_FOR_URL_INPUT — Optionally specify a comma-separated list of allowed destinations for URL requests. For example: WHITELISTED_DESTINATIONS_FOR_URL_INPUT=192.168.0.15,some.site.com. URLs pointing to other targets will be rejected.
BLACKLISTED_DESTINATIONS_FOR_URL_INPUT — Optionally specify a comma-separated list of forbidden destinations for URL requests. For example: BLACKLISTED_DESTINATIONS_FOR_URL_INPUT=192.168.0.15,some.site.com. URLs pointing to these targets will be rejected.
ALLOW_LOADING_IMAGES_FROM_LOCAL_FILESYSTEM — Set to False to disable local filesystem access to images. Default: True.