Skip to main content

API Keys

An API key is an authentication credential that can be used with the Files.com APIExternal LinkThis link leads to an external website and will open in a new tab and SDKs. This API (and our SDKs) can be used for integrating Files.com with your own applications, such as iPaaS applications. API keys are independent from one another, and are easily disposable. By generating unique API keys for each of your applications or servers, you can easily revoke them if needed without disrupting your other integrations.

Types of API Keys

Files.com supports two types of API keys: Site-wide keys and User keys. Site-wide keys provide full access to the entire API, while user keys will provide access based on the permissions of the associated user. For example, the key of an administrator will provide full access to the entire API, while the key of a non-administrator will only provide access to files that the user can access, and no access to site administration functions in the API.

We strongly recommend associating all API keys with a non-administrator user account if at all possible. Site-wide keys or keys associated with a Site Administrator's user account will be able to perform any function on the site, including things like deleting all files, or deleting all users.

Site-wide keys have complete access to your entire site. We recommend generating separate site-wide keys for each custom integration that requires it, so that you can disable one key without affecting your other custom automated processes.

User keys are associated with a single user account, and they have access to the same resources and operations as that user.

Creating Site API Keys

Site API keys can only be created by site administrators, and they have complete access to your entire site. Whenever possible, we strongly encourage you to use a user API key for a user account (that is not a site administrator) instead.

When you create a new site key, you must provide a human-readable name, which allows you to track why each key was generated. You may also include an expiration date.

When the key is first created, you will have access to the key value. You can never retrieve the key value again, so be sure to save it.

Creating User API Keys

Site administrators can create user API Keys for any user. If your site settings allow it, users who are not site administrators can create their own user API Keys.

User API Keys must be associated with a user, so you must provide the user ID. You must also provide a human-readable name, which allows you to track why each key was generated. You may also include an expiration date.

When the key is first created, you will have access to the key value. You can never retrieve the key value again, so be sure to store the value immediately.

Disabling and Revoking API Keys

You can temporarily disable a user API key by updating its permission set to none. This will allow you to later reactivate the same key by updating its permissions again.

To permanently revoke a key, you can delete it. Site API keys can only be deleted by site administrators. User keys for any user can be deleted by any site administrator. If your site settings allow it, users who are not site administrators can delete their own user API Keys.

Viewing Existing API Keys

When the key is first created, you will have access to the key value. You cannot access the value of an existing API Key. This is a standard security precaution that most platforms take to maintain the secrecy of important credentials.

If you have lost the contents of your key somehow, you will need to delete the existing API Key entry and create a new one.

Using API Keys with Child Sites

API Keys are linked to just one site. It doesn’t matter if the key is for the whole site or for one user - it only works with the site it was made for. If an API key was made for a parent site, it can only be used with that parent site. If it was made for a child site, it only works with that child site.

User-specific API keys have an extra rule - the user has to belong to the same site where the key was made. For example, if you make a key in a child site for a user from the parent site, it won’t work. Only users who are part of the same site as the key can use it.

Get Instant Access to Files.com

The button below will take you to our Free Trial signup page. Click on the white "Start My Free Trial" button, then fill out the short form on the next page. Your account will be activated instantly. You can dive in and start yourself or let us help. The choice is yours.

Start My Free Trial