Configuring API Keys
Bytescale API keys can be configured with different permissions, upload locations, and tags.
Bytescale supports two types of API key:
Secret API keys (secret_xxxxx):
Secret API keys are designed for your backend code.
Secret API keys can perform all API operations.
Public API keys (public_xxxxx):
Public API keys are designed for your frontend code.
Public API keys can only perform file uploads and file downloads. File overwrites, file deletes, and all other destructive operations cannot be performed using public API keys, unless accompanied by a JWT that includes these permissions.
To mitigate public API key theft: configure origin whitelists and upload rate limits in the Bytescale Dashboard.
To prevent public API key theft: use public API keys with JWTs and enable "require JWT" in the API key's settings page.
To configure a Bytescale API key:
Navigate to: https://www.bytescale.com/dashboard/security/api_keys
Find and edit your API key:
Click the "Permissions" tab.
Click the "Add Path Permission" button.
Add the paths /my_folder/* and/or /my_folder/*/**
The /* path suffix matches all children of the folder.
The /*/** path suffix matches all grandchildren of the folder, recursively.
Since they match different levels within the folder, you may want to specify both patterns, or just one of them.
Set the relevant permissions for your new path permission(s), e.g. "Uploads" and "Downloads".
Click "Save Changes".