The Shardimage API requires you to send authentication data (generated from the API key and the API/URL secret) with every API call. API keys act as unique identifiers: they authenticate the calls you make and ensure they are billed to the correct account. Your API keys are the primary way Shardimage authenticates your access to the platform's APIs and SDKs.
Why should I restrict my API keys?
If you want to make sure your Shardimage platform account is secure, restricting your API keys is the way to go. Just like the keys to your house, it's important to make sure they can only be used by the people and in the way you want. You can always change the restrictions later, if needed.
What’s an API key restriction?
API key restrictions are settings you apply to an API key that limit which applications, APIs, and SDKs can be used with that key. Additionally, you can specify exactly which cloud the key can be used with and for how long. For example, when you are migrating to Shardimage, you can create an API key that only allows uploading to a certain cloud and only for a certain amount of time.
This way, you don't need to worry about things like someone breaking into your mailbox and finding e-mails with sensitive data in them. Also, copied program code cannot be used to upload images to a different cloud unintentionally.
What types of API key restrictions are available?
There are three types of key restrictions available: by cloud, by usage and by expiry date.
- restriction to cloud: the key is restricted to one specific cloud. This automatically makes certain administrative API calls (e.g. creating clouds) unavailable.
- restriction to usage: creating the key actually creates two separate keys:
  - the API key: gives access to the API only (e.g. backend services)
  - the Image URL secret: only applicable when you wish to encrypt the URL that serves the image (e.g. frontend services)
- restriction by expiry date: the key can only be used until a certain date and time
In addition to this, you can generate access tokens. These can be generated dynamically from the API in unlimited numbers, and you can limit the number of times they can be used.
How do I restrict my API keys?
Restricting an API key is fast and easy, and it is recommended that you apply some restrictions to every key at the moment you generate it. If you decide to assign a cloud to an API key, you will only be able to use that key to access that specific cloud.