Rendiff is an enterprise-grade REST API layer built on top of FFmpeg, the industry-standard multimedia framework. Replace complex FFmpeg CLI operations with a modern, secure, and scalable REST API featuring hardware acceleration, real-time progress tracking, and comprehensive security hardening.
Powered by FFmpeg: This project leverages FFmpeg for all media processing operations. FFmpeg is a complete, cross-platform solution to record, convert, and stream audio and video. Learn more at ffmpeg.org.
🔒 Security Note: This API has undergone comprehensive security hardening with all 34 critical vulnerabilities resolved. Safe for production deployment.
Rendiff provides a production-ready API abstraction over FFmpeg, making it easy to integrate powerful media processing capabilities into your applications without dealing with FFmpeg's complex CLI interface directly.
What Rendiff Does:
- Exposes FFmpeg's capabilities through a clean REST API
- Handles job queuing, progress tracking, and error handling
- Provides enterprise security features (auth, rate limiting, input validation)
- Supports distributed processing with multiple workers
- Integrates with cloud storage (S3, Azure, GCP)
What FFmpeg Does (Under the Hood):
- All actual media encoding, decoding, and transcoding
- Hardware acceleration (NVENC, QSV, VAAPI)
- Format conversion and streaming generation
- Quality analysis (VMAF, PSNR, SSIM)
- Complete FFmpeg Capability - Full CLI parity with REST API convenience
- Hardware Acceleration - NVENC, QSV, VAAPI, VideoToolbox support
- Quality Metrics - Built-in VMAF, PSNR, SSIM analysis via FFmpeg
- Async Processing - Non-blocking operations with real-time progress
- Batch Operations - Process multiple files concurrently
- Streaming Support - Generate HLS/DASH adaptive streams
- Multi-layered Authentication - API keys with role-based access
- Rate Limiting - Endpoint-specific limits with burst control
- Input Validation - Comprehensive sanitization and size limits
- Path Traversal Protection - Advanced canonicalization security
- Command Injection Prevention - Secure FFmpeg parameter handling
- SSRF Protection - Webhook URL validation and internal network blocking
- Timing Attack Mitigation - Constant-time API key validation
- Circuit Breaker Pattern - Automatic failure protection for external services
- Distributed Locking - Redis-based coordination for critical sections
- Health Monitoring - Comprehensive dependency health checks
- Connection Pooling - Optimized database and storage connections
- Resource Limits - CPU, memory, and bandwidth governance
- Webhook Retry Logic - Exponential backoff with failure handling
- Performance Monitoring - Prometheus metrics with Grafana dashboards
- Multi-Cloud Storage - S3, Azure, GCP, and local filesystem
- Atomic Operations - TOCTOU-safe file handling
- Memory Management - Guaranteed cleanup and leak prevention
- Database Optimization - Indexed queries and transaction isolation
- Container Native - Production-optimized Docker deployment
# Clone and deploy
git clone https://github.com/rendiffdev/rendiff-dev.git
cd rendiff-dev
# Run database migration for performance indexes
docker compose run --rm api alembic upgrade head
# Deploy all services
docker compose -f compose.prod.yml up -d
# API is now available at http://localhost:8000
curl http://localhost:8000/api/v1/health🔧 Migration Note: Run
alembic upgrade headbefore deployment to add performance indexes.
For detailed setup options, see the Setup Guide.
POST /api/v1/convert # Media conversion (FFmpeg transcode)
POST /api/v1/analyze # Quality metrics (VMAF, PSNR, SSIM)
POST /api/v1/stream # HLS/DASH adaptive streaming
POST /api/v1/batch # Batch processingGET /api/v1/jobs # List jobs
GET /api/v1/jobs/{id} # Job status
DELETE /api/v1/jobs/{id} # Cancel jobGET /api/v1/health # Comprehensive health check
GET /api/v1/metrics # Prometheus metrics
GET /api/v1/stats # System statistics
GET /docs # Interactive API documentationRendiff Services:
├── API (FastAPI) # REST API with security hardening
├── Workers (Celery) # FFmpeg processing with circuit breakers
├── Queue (Redis/Valkey) # Task queue with distributed locking
├── Database (PostgreSQL) # ACID transactions with performance indexes
├── Storage (Multi-cloud) # S3/Azure/GCP with connection pooling
├── Monitoring # Prometheus/Grafana with comprehensive health checks
└── Security # Rate limiting, input validation, SSRF protection
FFmpeg Integration:
└── Workers execute FFmpeg commands for all media operations
├── Transcoding (H.264, H.265, VP9, AV1)
├── Hardware acceleration (NVENC, QSV, VAAPI)
├── Streaming (HLS, DASH)
└── Quality analysis (VMAF, PSNR, SSIM)Defense in Depth:
├── Network: Rate limiting, IP whitelisting
├── Authentication: API keys with timing attack protection
├── Input: Size limits, path traversal prevention, sanitization
├── Processing: Command injection prevention, resource limits
├── Output: Information disclosure prevention, webhook validation
└── Infrastructure: Circuit breakers, distributed locking, health monitoringInput: MP4, AVI, MOV, MKV, WebM, FLV, MP3, WAV, FLAC, AAC, and more Output: MP4, WebM, MKV, HLS, DASH with H.264, H.265, VP9, AV1 codecs
All format support is provided by FFmpeg. See FFmpeg Formats Documentation for complete list.
Configuration via environment variables or .env file:
# Core Services
API_HOST=0.0.0.0
API_PORT=8000
DATABASE_URL=postgresql://user:pass@localhost/rendiff
VALKEY_URL=redis://localhost:6379
# Security (Production Hardened)
ENABLE_API_KEYS=true
ENABLE_IP_WHITELIST=false
RATE_LIMIT_CALLS=2000
RATE_LIMIT_PERIOD=3600
MAX_FILE_SIZE=10737418240 # 10GB
MAX_CONCURRENT_JOBS=10
# Performance & Reliability
WORKER_CONCURRENCY=4
DATABASE_POOL_SIZE=20
DATABASE_MAX_OVERFLOW=40
CIRCUIT_BREAKER_ENABLED=true
HEALTH_CHECK_INTERVAL=30
# FFmpeg / Hardware Acceleration
FFMPEG_HARDWARE_ACCELERATION=auto
ENABLE_GPU_WORKERS=false
FFMPEG_THREADS=0 # 0 = auto-detect
FFMPEG_PRESET=medium# Authentication
API_KEY_LENGTH=32
API_KEY_EXPIRY_DAYS=365
ENABLE_ADMIN_ENDPOINTS=false
# Rate Limiting (per API key)
ANALYZE_RATE_LIMIT=100/hour
STREAM_RATE_LIMIT=50/hour
CONVERT_RATE_LIMIT=200/hour
# Resource Limits
MAX_RESOLUTION=7680x4320 # 8K
MAX_BITRATE=100M
MAX_PROCESSING_TIME=3600 # 1 hour- Setup Guide - Installation and configuration
- Deployment Guide - Production deployment with security hardening
- Migration Guide - Database migrations and upgrades
- Security Guide - Security policies and hardening checklist
- API Reference - Complete endpoint documentation with examples
- Authentication Guide - API key management and security
- Webhook Guide - Webhook configuration and retry logic
- Contributing - Development guidelines and standards
- Health Monitoring - Health checks and dependency monitoring
- Performance Tuning - Optimization and scaling guidelines
- Runbooks - Operational procedures and troubleshooting
- Audit Report - Security vulnerability assessment (resolved)
- CPU: 4 cores
- RAM: 8GB
- Storage: 50GB SSD
- Network: 100 Mbps
- CPU: 8+ cores (16+ for high throughput)
- RAM: 32GB (64GB+ for 4K/8K processing)
- GPU: NVIDIA RTX/Quadro or AMD for hardware acceleration
- Storage: 500GB+ NVMe SSD (1TB+ for high volume)
- Network: 1 Gbps+ (10 Gbps for streaming workloads)
- CPU: 16+ cores per node, multi-node cluster
- RAM: 64GB+ per node
- GPU: Multiple NVIDIA A100/H100 or equivalent
- Storage: High-performance SAN with 10K+ IOPS
- Network: 25 Gbps+ with redundancy
- Load Balancer: HAProxy/NGINX for multi-instance deployment
- Container Runtime: Docker 20.10+ or containerd
- FFmpeg: 6.0+ (included in Docker images)
- Database: PostgreSQL 14+ (recommended) or SQLite 3.38+
- Cache/Queue: Redis 7.0+ or Valkey
- Monitoring: Prometheus + Grafana (optional)
- Reverse Proxy: Traefik, NGINX, or HAProxy (production)
Rendiff has undergone comprehensive security hardening:
- 34/34 Critical Issues Resolved - All vulnerabilities patched
- Zero Known CVEs - Dependencies updated to secure versions
- Production Ready - Approved for enterprise deployment
- Penetration Tested - Hardened against common attack vectors
- Input Validation - All user inputs sanitized and validated
- Rate Limiting - DDoS protection with endpoint-specific limits
- Access Control - Role-based API key authentication
- Audit Logging - Comprehensive security event logging
- Encryption - TLS 1.3 for data in transit
- Secrets Management - Environment-based configuration
- Security Audit Report - Comprehensive vulnerability assessment
- Fixes Implementation Report - Resolution documentation
- Security Policy - Security guidelines and procedures
Rendiff is powered by FFmpeg, the leading multimedia framework.
FFmpeg is a trademark of Fabrice Bellard, originator of the FFmpeg project.
FFmpeg is licensed under the LGPL/GPL license. This project uses FFmpeg as an external tool and does not modify or redistribute FFmpeg source code.
FFmpeg provides:
- Audio and video encoding/decoding
- Format conversion and muxing
- Hardware acceleration support
- Streaming protocols
- Quality analysis tools
We are grateful to the FFmpeg team and contributors for their incredible work on this essential multimedia toolkit.
- FastAPI - Modern Python web framework
- Celery - Distributed task queue
- PostgreSQL - Advanced open source database
- Redis - In-memory data structure store
We welcome contributions! Please see our Contributing Guide for details.
# Set up development environment
git clone https://github.com/rendiffdev/rendiff-dev.git
cd rendiff-dev
# Install dependencies
pip install -r requirements-dev.txt
# Run tests
pytest tests/ -v
# Run security checks
bandit -r api/ worker/
safety checkThis project is licensed under the MIT License - see the LICENSE file for details.
Note: While Rendiff is MIT licensed, it depends on FFmpeg which is licensed under LGPL/GPL. When deploying, ensure compliance with FFmpeg's licensing terms. See FFmpeg Legal for details.
Enterprise-grade media processing API powered by FFmpeg.
- ✅ 34 Critical Security Issues Resolved
- ✅ Zero Breaking Changes - Fully backward compatible
- ✅ Production Tested - Battle-tested architecture
- ✅ Performance Optimized - Database indexes, connection pooling, async I/O
- ✅ Monitoring Ready - Health checks, metrics, alerting
- ✅ Scalable Design - Horizontal scaling with load balancing
Built with FastAPI, FFmpeg 6.0+, Redis, PostgreSQL, and Docker for professional video processing workflows.
Ready for immediate production deployment. 🚀