Security templates

Security templates are used to generate API access keys (temporary keys with configurable permissions & restrictions)

The Security Templates are accessible from Settings > Development > Security templates

Create a security template

Security Templates can be created with the Add Template button by entering the following informations

Description

Used to identify the security template

Permissions

Used to defines what users can / can't do with the assets. Permissions are selected from the list:

API Permission Description

API Permission	Description
`OBJECTS_LIST`	List files
`OBJECTS_FETCH`	Fetch file
`FILE_UPLOAD`	Upload file
`FILE_META_CREATE`	Create file metadata
`FILE_RENAME`	Rename file
`FILE_MOVE`	Move file
`FILE_DELETE`	Delete file
`FILE_SET_VISIBILITY`	Set file visibility
`DIR_CREATE`	Create directory
`DIR_RENAME`	Rename directory
`DIR_META_CHANGE`	Create directory metadata
`DIR_MOVE`	Move directory
`DIR_DELETE`	Delete directory
`DIR_SET_VISIBILITY`	Set dir visibility
`CONFIG_CHANGE`	Change container configuration
`CONFIG_LIST`	List container configuration
`FILE_PRODUCT_CHANGE`	Change product information
`FILE_PROCESS_AUTOTAGGING`	Perform autotaggin
`OBJECTS_SHARE_MANAGE`	Manage shares
`OBJECTS_AIRBOX_MANAGE`	Manage airbox
`OBJECTS_APPROVAL_MANAGE`	Manage approval
`OBJECTS_APPROVAL_VOTE`	Manage approval voting

OBJECTS_LIST

List files

OBJECTS_FETCH

Fetch file

FILE_UPLOAD

Upload file

FILE_META_CREATE

Create file metadata

FILE_RENAME

Rename file

FILE_MOVE

Move file

FILE_DELETE

Delete file

FILE_SET_VISIBILITY

Set file visibility

DIR_CREATE

Create directory

DIR_RENAME

Rename directory

DIR_META_CHANGE

Create directory metadata

DIR_MOVE

Move directory

DIR_DELETE

Delete directory

DIR_SET_VISIBILITY

Set dir visibility

CONFIG_CHANGE

Change container configuration

CONFIG_LIST

List container configuration

FILE_PRODUCT_CHANGE

Change product information

FILE_PROCESS_AUTOTAGGING

Perform autotaggin

OBJECTS_SHARE_MANAGE

Manage shares

OBJECTS_AIRBOX_MANAGE

Manage airbox

OBJECTS_APPROVAL_MANAGE

Manage approval

OBJECTS_APPROVAL_VOTE

Manage approval voting

Upload limits

These settings set limits on the Upload API.

Setting Description Default

Setting	Description	Default
Limit per min (`limit_per_min`)	Set the maximum of upload per minute with the key	Unlimited
Limit per source IP (`limit_per_source_ip`)	Maximum number of uploads allowed by IP by the key	Unlimited
Directory scope (`dir_scope`)	Directories where the key is allowed to upload. If you want to allow all subdirectories of /folder, set the value to /folder/*	All directories

Limit per min (limit_per_min)

Set the maximum of upload per minute with the key

Unlimited

Limit per source IP (limit_per_source_ip)

Maximum number of uploads allowed by IP by the key

Unlimited

Directory scope (dir_scope)

Directories where the key is allowed to upload. If you want to allow all subdirectories of /folder, set the value to /folder/*

All directories

Restrict IP limitation

It restricts API calls based on IP address ranges and/or countries.

Setting Description Default

Setting	Description	Default
`whitelist_ip_ranges`	Allowed IP ranges for using the key from	0.0.0.0 format accepted: 8.8.8.8, 255.240.0.0/12, ...
`whitelist_countries`	Allowed countries for using the key from. Provide the code ISO of the country	all countries The IP are converted to country thanks to GeoLite2

whitelist_ip_ranges

Allowed IP ranges for using the key from

0.0.0.0 format accepted: 8.8.8.8, 255.240.0.0/12, ...

whitelist_countries

Allowed countries for using the key from. Provide the code ISO of the country

all countries

The IP are converted to country thanks to GeoLite2

Key Validity

This setting allows to set validity period of key, for example to match the user's session length in your authenticated application

Setting Description Default

Setting	Description	Default
`expiration_duration`	time in second before the key expires	1200 s (20 minutes)

expiration_duration

time in second before the key expires

1200 s (20 minutes)

Listing Limits

Directories where the key is allowed to list elements. If you want to allow all subdirectories of /folder, set the value to /folder/*

Setting Description Default

Setting	Description	Default
`directory_scope`	Directories where the key is allowed to list and search assets. If you want to allow all subdirectories of /folder, set the value to /folder/*	All directories

directory_scope

Directories where the key is allowed to list and search assets. If you want to allow all subdirectories of /folder, set the value to /folder/*

All directories

Manage existing Security templates

Existing API keys can be managed individually or in bulk for status (Active <> Deactivate):

User level Description

User level	Description
Description	To identify the Security template
Secret key	To be kept secret
Created at	The API key creation date
Scope	Used to limit the scope
Active	The Security template status that can be toggled from active to deactivated using the `...` options
Copy	Copy the secret key in the notepad for easy reuse

Description

To identify the Security template

Secret key

To be kept secret

Created at

The API key creation date

Scope

Used to limit the scope

Active

The Security template status that can be toggled from active to deactivated using the ... options

Copy

Copy the secret key in the notepad for easy reuse

PreviousAPI keys NextCDN invalidation

Last updated 1 year ago