Security first - why should you always restrict your API keys?

Your API keys are the primary way Shardimage authenticates your access to the platform's APIs and SDKs.

The Shardimage API requires you to send authentication data (generated from the API key and the API/URL secret) with each and every API call. API keys act as unique identifiers: they authenticate the calls you make and ensure they are billed to the correct account.

Why should I restrict my API keys?

If you want to make sure your Shardimage platform account is secure, restricting your API keys is the way to go. Just like the keys to your house, it's important to make sure they can only be used by the people and in the way you want. You can always change the restrictions later, if needed.

What’s an API key restriction?

API key restrictions are settings you apply to an API key that limit which applications, APIs, and SDKs can be used with that key. Additionally, you can specify exactly which cloud the key can be used with and for how long. For example, when you are migrating to Shardimage, you can create an API key that only allows uploads to a certain cloud and only for a certain amount of time.

This way, you don't need to worry about things like someone breaking into your mailbox and finding e-mails with sensitive data in them. Also, there is no way to copy program code and unintentionally upload images to a different cloud.

What types of API key restrictions are available?

There are three types of key restrictions available: by cloud, by usage and by expiry date.

  • restriction to cloud: the key is restricted to one specific cloud. This will automatically make certain administrative API calls (e.g.: creating clouds) unavailable.
  • restriction to usage: creating the key actually creates 2 separate keys
    • the API key: used for the API; it gives access to the API only (e.g.: backend services)
    • the Image URL secret: used when serving images; it is only applicable when you wish to encrypt the URL which serves the image (e.g.: frontend services)
  • restriction by expiry date: the key can only be used until a certain date and time

In addition to this, you have the chance to generate access tokens. These can be generated dynamically from the API in unlimited numbers, and you can limit the number of times each one can be used.
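As an added illustration (not Shardimage's own code or API), the following Python models how a service could evaluate the restrictions listed above on each request: usage type, expiry date, cloud, and the use count of an access token. The action names, cloud ids, the `Credential` fields and the `authorize` function are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Hypothetical model of the restrictions described above (not Shardimage code).
ADMIN_ACTIONS = {"create_cloud"}      # assumed name for an administrative call
URL_ACTION = "encrypt_image_url"      # assumed name for the frontend URL use

@dataclass
class Credential:
    usage: str                             # "api" or "image_url"
    cloud_id: Optional[str] = None         # None: not restricted to one cloud
    expires_at: Optional[datetime] = None  # None: no expiry date
    uses_left: Optional[int] = None        # set only on use-limited access tokens

def authorize(cred, action, cloud_id, now):
    """Return (allowed, reason). A successful call consumes one token use."""
    needed = "image_url" if action == URL_ACTION else "api"
    if cred.usage != needed:
        return False, "wrong key type for this action"
    if cred.expires_at is not None and now >= cred.expires_at:
        return False, "key expired"
    if cred.cloud_id is not None:
        if action in ADMIN_ACTIONS:
            return False, "administrative call unavailable to cloud-restricted key"
        if cloud_id != cred.cloud_id:
            return False, "key restricted to another cloud"
    if cred.uses_left is not None:
        if cred.uses_left <= 0:
            return False, "access token exhausted"
        cred.uses_left -= 1
    return True, "ok"

def demo():
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed sample time
    migration = Credential("api", "cloud-a", t0 + timedelta(days=7))
    token = Credential("api", cloud_id="cloud-a", uses_left=1)
    return [
        authorize(migration, "upload", "cloud-a", t0),
        authorize(migration, "upload", "cloud-b", t0),
        authorize(migration, "create_cloud", None, t0),
        authorize(migration, "upload", "cloud-a", t0 + timedelta(days=8)),
        authorize(Credential("image_url"), "upload", "cloud-a", t0),
        authorize(token, "upload", "cloud-a", t0),
        authorize(token, "upload", "cloud-a", t0),
    ]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The `migration` credential mirrors the migration scenario mentioned earlier: a copy of it that leaks is useless for another cloud, for creating clouds, or after its expiry date.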

How do I restrict my API keys?

Restricting an API key is fast and easy, and it is recommended that you apply some restrictions to every key at the time you generate it. If you decide to assign a cloud to an API key, you will only be able to use that key to access that specific cloud.
