API Keys
An API key is an authentication credential used with the Files.com API and SDKs to integrate Files.com with your own applications, such as iPaaS applications. API keys are independent from one another. Generating a unique API key for each application or server lets you revoke any one of them without disrupting your other integrations.
Types of API Keys
Files.com supports two types of API keys: Site-wide keys and User keys. Site-wide keys provide full access to the entire API. User keys provide access based on the permissions of the associated user. The key of an administrator provides full access to the entire API; the key of a non-administrator provides access only to files that user can access, and no access to site administration functions in the API.
We strongly recommend associating all API keys with a non-administrator user account whenever possible. Site-wide keys, or keys associated with a Site Administrator's user account, can perform any function on the site, including deleting all files or deleting all users.
Site-wide keys have complete access to your entire site. We recommend generating a separate site-wide key for each custom integration that requires one, so that you can disable one key without affecting your other automated processes.
User keys are associated with a single user account and have access to the same resources and operations as that user.
Creating Site API Keys
Only site administrators can create site API keys, and these keys have complete access to your entire site. Whenever possible, use a user API key tied to a non-administrator user account instead.
When you create a new site key, provide a human-readable name so you can track why each key was generated. You can also include an expiration date.
The key value is shown only when the key is first created. You cannot retrieve the value later, so save it immediately.
Creating User API Keys
Site administrators can create user API keys for any user. If your site settings allow it, users who are not site administrators can create their own user API keys.
A user API key must be associated with a user, so provide the user ID. Also provide a human-readable name to track why the key was generated. You can include an expiration date.
The key value is shown only when the key is first created. You cannot retrieve the value later, so store it immediately.
S3-Compatible API Keys
You can create S3-compatible API keys by selecting the Enable use with Inbound S3-compatible clients option when creating a key. This enables connections to your Files.com site from S3-compatible applications using the Amazon S3 protocol.
S3-compatible API keys are tied to individual user accounts and do not support site-wide access. Choose the user account that will be in charge of S3 connections made with this key.
When you enable this option, Files.com displays an Access Key ID and a corresponding Secret Key. Store these values immediately. Once you close the window, you cannot retrieve them again.
Disabling and Revoking API Keys
You can temporarily disable a user API key by updating its permission set to none. You can later reactivate the same key by updating its permissions again.
To permanently revoke a key, delete it. Only site administrators can delete site API keys. Any site administrator can delete user keys for any user. If your site settings allow it, users who are not site administrators can delete their own user API keys.
Viewing Existing API Keys
The key value is shown only when the key is first created. You cannot access the value of an existing API key afterward. This is a standard security precaution that most platforms take to maintain the secrecy of important credentials.
If you have lost the contents of your key, delete the existing API key entry and create a new one.
Using API Keys with Child Sites
An API key is linked to a single site. Whether the key is site-wide or for one user, it only works with the site it was created on. A key created on a parent site only works on that parent site; a key created on a child site only works on that child site.
User-specific API keys have an additional rule: the user must belong to the same site where the key was created. A key created on a child site for a user from the parent site does not work. Only users who belong to the same site as the key can use it.
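The guidance on this page (prefer non-administrator user keys, name each key, set an expiration date, and keep the user on the same site as the key) can be checked against a key inventory. The following is an added example, not Files.com code: the KeyRecord fields, the "full" permission set value, and the sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class KeyRecord:  # hypothetical inventory row, not the Files.com API schema
    name: str
    key_site: str                     # site the key was created on
    user: Optional[str] = None        # None means a site-wide key
    user_site: Optional[str] = None   # site the associated user belongs to
    user_is_admin: bool = False
    expires: Optional[date] = None
    permission_set: str = "full"      # assumed value; "none" means disabled

def audit(key: KeyRecord, today: date) -> list:
    """Return the findings for one key, following the guidance above."""
    if key.permission_set == "none":
        return ["disabled (permission set none)"]
    findings = []
    if key.user is None:
        findings.append("site-wide key: full access to the entire API")
    elif key.user_is_admin:
        findings.append("administrator's key: full access to the entire API")
    if key.user is not None and key.user_site != key.key_site:
        findings.append("user belongs to another site: key does not work")
    if not key.name.strip():
        findings.append("no human-readable name")
    if key.expires is None:
        findings.append("no expiration date")
    elif key.expires < today:
        findings.append("past its expiration date")
    return findings

def audit_inventory(keys, today: date) -> dict:
    """Map each key name to its list of findings (empty list means clean)."""
    return {k.name or "<unnamed>": audit(k, today) for k in keys}

# Constructed sample inventory.
SAMPLE = [
    KeyRecord("etl-prod", "parent", "svc-etl", "parent", expires=date(2025, 6, 30)),
    KeyRecord("legacy-sync", "parent"),
    KeyRecord("child-report", "child", "alice", "parent", True, date(2024, 12, 1)),
    KeyRecord("paused-job", "parent", "svc-job", "parent", permission_set="none"),
]

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE, date(2025, 1, 1)).items():
        print(name, findings or ["ok"])
```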