API Keys

An API key is an authentication credential that can be used with the Files.com API and SDKs. This API (and our SDKs) can be used for integrating Files.com with your own applications, such as iPaaS applications. API keys are independent from one another, and are easily disposable. By generating unique API keys for each of your applications or servers, you can easily revoke them if needed without disrupting your other integrations.

Files.com supports two types of API keys: Site-wide keys and User keys. Site-wide keys provide full access to the entire API, while user keys will provide access based on the permissions of the associated user. For example, the key of an administrator will provide full access to the entire API, while the key of a non-administrator will only provide access to files that the user can access, and no access to site administration functions in the API.

We strongly recommend associating all API keys with a non-administrator user account if at all possible. Site-wide keys or keys associated with a Site Administrator's user account will be able to perform any function on the site, including things like deleting all files, or deleting all users.

Site-wide keys have complete access to your entire site. We recommend generating separate site-wide keys for each custom integration that requires it, so that you can disable one key without affecting your other custom automated processes.

User keys are associated with a single user account, and they have access to the same resources and operations as that user.

Site API keys can only be created by site administrators, and they have complete access to your entire site. Whenever possible, we strongly encourage you to use a user API key for a user account (that is not a site administrator) instead.

When you create a new site key, you must provide a human-readable name, which allows you to track why each key was generated. You may also include an expiration date.

When the key is first created, you will have access to the key value. You can never retrieve the key value again, so be sure to save it.

Site administrators can create user API Keys for any user. If your site settings allow it, users who are not site administrators can create their own user API Keys.

User API Keys must be associated with a user, so you must provide the user ID. You must also provide a human-readable name, which allows you to track why each key was generated. You may also include an expiration date.

When the key is first created, you will have access to the key value. You can never retrieve the key value again, so be sure to store the value immediately.

You can temporarily disable a user API key by updating its permission set to none. This will allow you to later reactivate the same key by updating its permissions again.

To permanently revoke a key, you can delete it. Site API keys can only be deleted by site administrators. User keys for any user can be deleted by any site administrator. If your site settings allow it, users who are not site administrators can delete their own user API Keys.

When the key is first created, you will have access to the key value. You cannot access the value of an existing API Key. This is a standard security precaution that most platforms take to maintain the secrecy of important credentials.

If you have lost the contents of your key somehow, you will need to delete the existing API Key entry and create a new one.