What is the difference between DAM API Keys and Security Templates?

Ibrahim A. [Scaleflex]

07 December 2020 18:41

The Scaleflex DAM API supports two authentication methods, each designed for a different type of use case:

API Keys – permanent keys for backend and server-to-server usage
Security Templates – used to generate temporary, restricted access keys (SASS keys), mainly for frontend and widget-based integrations

Both methods support granular permissions, but they serve very different purposes.

API Keys

What are API Keys?

API Keys are permanent authentication keys used to access the Scaleflex DAM File Management API.
They are designed for backend or headless applications where no user context is required and where the key is never exposed to the browser.

Related doc:
→ DAM API Overview

When to use API Keys

Use API Keys when you need to:

Upload, manage, or retrieve assets from backend servers
Migrate large volumes of media from another storage service
Run automated or scheduled DAM operations
Access multiple DAM projects using a company-wide key

API Keys are the recommended and safest option for server-to-server communication.

Creating API Keys

API Keys are managed from:

Settings → Project → Access → API Keys

Related doc:
→ Managing API Keys

When creating a key, you must:

Add a description (for identification)
Select permissions that define what the key can do

API Key permissions

API Keys support fine-grained permissions, including:

Asset actions (list, fetch, upload, delete, edit metadata)
Directory management
Labels, collections, shareboxes, approvals
Configuration and access management

Full permission reference:
→ DAM API Permissions

Using an API Key

The key must be included in every request:

X-Filerobot-Key: YOUR_API_KEY

Security Templates

What are Security Templates?

Security Templates define rules and restrictions that control how DAM assets can be accessed.
They are used to generate temporary API access keys (SASS keys) with limited permissions and validity.

The Security Template secret cannot be used directly in API calls.
You must first generate a SASS key from it.

Related doc:
→ Security Templates Overview

When to use Security Templates

Security Templates are recommended when:

Using DAM Widgets or Plugins in frontend applications
Allowing uploads from browsers or client-side apps
You need time-limited, IP-restricted, or scoped access
You want to protect your DAM from key leakage or abuse

Typical use cases include:

Filerobot Uploader Widget
Image Editor Widget

Widget docs:

Creating a Security Template

Security Templates are managed from:

Settings → Project → Access → Security Templates

How-to guide:
→ Create a Security Template

A Security Template defines:

Permissions

Same permission model as API Keys (upload, list, delete, edit, etc.)

Upload limits

Uploads per minute
Uploads per source IP
Directory scope for uploads

IP & location restrictions

Whitelisted IP ranges
Whitelisted countries

Key validity

Expiration time (default: 20 minutes)

Listing limits

Folder scope for listing and search

Generating a SASS (API Access) Key

Before making API calls or initializing a widget, you must generate a SASS key from the Security Template.

This is done via the DAM API:

curl --location 'https://api.filerobot.com/Your_token/v5/key/your_sec_template' \
--header 'Content-Type: application/json'

API reference:
→ Generate API Access Key (SASS)

The returned key:

Is temporary
Inherits the template’s permissions and limits
Expires automatically

Choosing the right authentication method

Use case	API Key	Security Template / SASS Key
Backend or server-to-server operations	✅ Recommended	❌ Not suitable
Frontend uploads or widgets	❌ Not recommended	✅ Recommended
Long-lived, permanent access	✅ Yes	❌ No
Time, IP, folder restrictions	❌ No	✅ Yes
Multi-project access	✅ Yes	❌ Limited

Summary

API Keys are permanent, backend-only keys with full control and multi-project support.
Security Templates define rules to generate temporary SASS keys, ideal for frontend usage and secure, limited access.