For the current version, please visit the website.
An API key is an authentication credential that can be used with the Files.com API and SDKs. This API (and our SDKs) can be used for integrating Files.com with your own applications, as well as other applications via our Zapier integration. API keys are independent from one another, and are easily disposable. By generating unique API keys for each of your applications or servers, you can easily revoke them if needed without disrupting your other integrations.
Files.com supports two types of API keys: Site-wide keys and User keys. Site-wide keys provide full access to the entire API, while user keys will provide access based on the permissions of the associated user. For example, the key of an administrator will provide full access to the entire API, while the key of a non-administrator will only provide access to files that the user can access, and no access to site administration functions in the API.
Actions performed by an API key will be recorded in logs as if they were performed by their associated user.
We strongly recommend associating all API keys with a non-admin user account if at all possible. Site-wide keys or keys associated with a Site Admin's user account will be able to perform any function on the site, including things like deleting all files, or deleting all users.
You can manage your API Keys from the Files.com web interface by logging in as an administrator and navigating to Settings > API. (you can also manage API keys from the API itself.)
Site-wide keys are generated from Settings > API. User keys are generated from Users > [username].
- Click the API Keys setting on the left.
- Enter a Name for the API key. This is simply a label to help you keep track of your different keys.
- Optionally set a Valid through date to have the key automatically expire after the given date.
- Click the add key button and copy your provided key.
An API key will only be displayed once, so be sure to copy it and store it in a secure location. If an API key is ever lost or otherwise compromised, you should immediately revoke it and generate a new one.
API keys can be revoked at any time by clicking the Delete button in the Actions column. When a key is revoked, API calls using that key will fail, and any integrations using that key will no longer function.