API Secret Keys

As their name states, API Secret Keys should be kept secret and used for server-to-server communication to upload and manage your assets in Filerobot. API Secret Keys should not be used for the Filerobot widgets and plugins: Uploader Widget, Image Editor and 360° Spin plugin, which would expose your keys. The plugins should be configured for using API Access Keys.

Obtaining API Secret Keys

Authentication against the Filerobot API is done with an API Secret Key available under Settings > Developer > API Secret Keys.

You can create additional API Secret Keys and define permissions for the key through the Create new key button.

Key Permissions

Each API Secret Key has associated permissions:

Permission name Description
OBJECTS_LIST List files
OBJECTS_FETCH Fetch/Access file
FILE_UPLOAD Upload file
FILE_RENAME Rename file
FILE_MOVE Move file
FILE_META_CHANGE Create file metadata
FILE_DELETE Delete file
DIR_CREATE Create directory
DIR_RENAME Rename directory
DIR_MOVE Move directory
DIR_META_CHANGE Create directory metadata
DIR_DELETE Delete directory
CONFIG_CHANGE Change storage container configuration
CONFIG_LIST List storage container configuration

Making your first API Call

The key is passed as part the X-Filerobot-Key HTTP header in every API request, for example:

Cupy-paste the cURL request in your Terminal or click on the API Explorer tab to see the API in action.

host: 'https://api.filerobot.com' path: /fusqadtm/list method: GET parameters: {} variables: {} headers: X-Filerobot-Key: 19692813e7364ef8ad6a6504d50a12ca body: "" theme: clouds-midnight curlAPIKey: "" axiosTimeout: 35000 maxContentLength: 150000 render: curl_tab: true

Secret Keys should be used for initial migrations involving large amounts of media assets to be uploaded at once.