API Keys

---

An API key is an authentication credential that can be used with the Files.com API and SDKs. This API (and our SDKs) can be used for integrating Files.com with your own applications, such as iPaaS applications. API keys are independent from one another, and are easily disposable. By generating unique API keys for each of your applications or servers, you can easily revoke them if needed without disrupting your other integrations.

Files.com supports two types of API keys: Site-wide keys and User keys. Site-wide keys provide full access to the entire API, while user keys will provide access based on the permissions of the associated user. For example, the key of an administrator will provide full access to the entire API, while the key of a non-administrator will only provide access to files that the user can access, and no access to site administration functions in the API.

Actions performed by an API key will be recorded in logs as if they were performed by their associated user.

You can also use an API key as the password to sign in to FTP, SFTP, and WebDAV. This is useful when you have scripts or applications that need to sign in using FTP, SFTP, and WebDAV protocols. In this case, the user login name will be @api-[key-id or API key name] and the password will be API key content.

We strongly recommend associating all API keys with a non-administrator user account if at all possible. Site-wide keys or keys associated with a Site Administrator's user account will be able to perform any function on the site, including things like deleting all files, or deleting all users.

Files.com supports two types of API Keys, known as site-wide keys and user keys.

Site-wide keys have complete access to your entire site. We recommend generating separate site-wide keys for each custom integration that requires it, so that you can disable one key without affecting your other custom automated processes.

User keys are associated with a single user account, and they have access to the same resources and operations as that user.

API Keys are created through the web interface. Any user can create user keys for their own accounts, but site administrators have more access.

Site-wide keys can only be created by Site Administrators. Within the web interface, visit the Api Keys page by typing "Api Keys" in the search at the top of the screen and clicking on the matching result.

You must provide a human-readable Name, which allows you to track why each key was generated. You may also include a Valid through expiration date.

When the key is created, you will be presented with the key and the option to copy the key to your clipboard. There is no way to see the key after dismissing this popup - if you haven't copied the key, you'll need to delete it and start over.

All users can create their own API Keys, but site administrators can create API Keys for another user.

In the dropdown menu that appears when you click your username at the top-right of the screen, select My Account. This page shows many of your personal user settings, and you can add API Keys for your own account here.

You must provide a human-readable Name, which allows you to track why each key was generated. You may also include a Valid through expiration date.

When the key is created, you will be presented with the key and the option to copy the key to your clipboard. There is no way to see the key after dismissing this popup - if you haven't copied the key, you'll need to delete it and start over.

To add new user keys for another user, edit the user settings for the desired user and locate the Api Keys section.

You must provide a human-readable Name, which allows you to track why each key was generated. You may also include a Valid through expiration date.

When the key is created, you will be presented with the key and the option to copy the key to your clipboard. There is no way to see the key after dismissing this popup - if you haven't copied the key, you'll need to delete it and start over.

API keys can be revoked by deleting them from Files.com. Site-wide keys can only be deleted by Administrators. Users can delete their own API Keys, and site administrators can delete any API Key.

In the dropdown menu that appears when you click your username at the top-right of the screen, select My Account. This page shows many of your personal user settings, including any API Keys that have been created for you. You can delete your keys on this page.

Site administrators have access to the list of all API Keys, both site-wide and user keys, that have been created in the site. Within the web interface, visit the Api Keys page by typing "Api Keys" in the search at the top of the screen and clicking on the matching result.

When an API Key is first created, a popup is displayed that contains the key - this is the only opportunity to view the value of that API Key. You cannot access the value of an existing API Key. This is a standard security precaution that most platforms take to maintain the secrecy of important credentials.

If you have lost the contents of your key somehow, you will need to delete the existing API Key entry and create a new one.