As their name states, API Secret Keys should be kept secret and used for server-to-server communication to manage files in Filerobot. API Secret Keys should not be used for the Filerobot plugins: Uploader Widget, Image Editor and 360° Spin plugin. These should be used with API access keys created using Security templates.
Obtaining API Secret Keys
Authentication against the Filerobot API is done with an API Secret Key available under Developer / API Secret Keys.
You can create additional API Secret Keys and define permissions for the key through the Create new key button.
Key permissions
Each API Secret Key has associated permissions:
| Permission name | Description |
|---|---|
| OBJECTS_LIST | List files |
| OBJECTS_FETCH | Fetch/Access file |
| FILE_UPLOAD | Upload file |
| FILE_RENAME | Rename file |
| FILE_MOVE | Move file |
| FILE_META_CHANGE | Create file metadata |
| FILE_DELETE | Delete file |
| DIR_CREATE | Create directory |
| DIR_RENAME | Rename directory |
| DIR_MOVE | Move directory |
| DIR_META_CHANGE | Create directory metadata |
| DIR_DELETE | Delete directory |
| CONFIG_CHANGE | Change storage container configuration |
| CONFIG_LIST | List storage container configuration |
Making your first API call
The key is passed as part the X-Filerobot-Key HTTP header in every API request, for example:
Copy-paste the cURL request in your Terminal or click on the API Explorer tab to see the API in action.