DAM
Authentication and Authorization with the DAM API happen via two methods:
- API Secret Keys—They are best for server-to-server uploads and interactions with the DAM store, such as migrating large amounts of media assets from another Cloud storage service or uploading large amounts of media assets from your server.
- Security Templates—These are templates for generating Access Keys with limited validity and permissions, adapted to front-end browser uploads.
Both methods support key permissions and allow for a granular definition of what each method can do (upload, list, search, create a directory, delete, ...). However, only API Secret Keys can be company-wide keys and allow interaction with multiple DAM projects. Read here to learn more about what a DAM project is.
The type of method you use to upload, manage and retrieve media assets in DAM programmatically depends on your use case:
Use Case | API Secret Key | Security Templates (and API Access Key) |
Upload, manage and retrieve media assets from backend servers to DAM | Recommended as the API Secret Key will never be exposed. Secret keys can be company-wide and authenticated across multiple projects. | Recommended if you want to apply API rate-limiting and have IP-based restrictions. |
DAM Uploader Widget integrated into a frontend application | It is not recommended, as the key is exposed to end users in your front-end code. | Recommended to prevent the key from being compromised and used outside of the Widget. |
DAM Image Editor integrated into a frontend application | | |
DAM 360° spin plugin | | |
Filerobot Media Asset Widget (FMAW) | | |
Regardless of which authentication method you use, the API key needs to be included as part of the X-Filerobot-Key HTTP header in your requests.
Example:
X-Filerobot-Key: FILEROBOT_API_KEY
1. Using API Secret Keys
API Secret Keys are the easiest way to start with the DAM API. Navigate to Developers > API Secret Keys and click the Create new key button.
Give a description and select the Permissions the API Secret Key will have. As described in the DAM documentation, you can choose between multiple permissions.
Once the API Secret Key is saved, you can review/edit its Permissions, rename or revoke it from the list.
You can use the API Secret Key to Upload, List, and Download assets from the DAM store using the DAM APIs.
2. Using Security Templates and API Access Keys
API Access Keys are based on API Secret Keys but add additional restrictions like rate-limiting, max file size upload, IP-whitelisting, etc., for the API client using them to authenticate against the DAM API. They are meant to be used in conjunction with the DAM Widgets and Plugins, mainly on frontend applications or on highly-sensitive backend applications.
First, a Security Template must be created in order to specify the API Access Keys' restrictions and then an API Access Key must be requested over API.
1. Creating a Security Template
Navigate to Developers > Security Templates and click on the Create new template button to create a new Security Template.
4 categories of limits are available:
Limit | Description |
Upload limits | Rate-limiting for uploads: |
Restrict IP limitation | Source IP-whitelisting: |
Key validity | Key validity period |
Listing limits | Folder scope for listing / search |
Once saved, a unique Security Template identifier is generated and available for use.
The Security Template identifier is required in order to request API Access Keys via the API described in the next section.
2. Requesting API Access Keys
API Access Keys should be requested before a server in a backend application makes a call to the DAM API, or before a DAM Widget or Plugin is instantiated in a frontend application. Refer to each Widget or Plugin's documentation to understand where the API Access Key should be configured so that the Widget or Plugin can authenticate against the DAM API and upload, manage and retrieve assets from your Digital Asset Management.
On a side note, these plugins are all Open Source, so do not hesitate to contribute in order to help us make them the best Digital Asset Management Widgets and Plugins.
To request an API Access Key, use the GET /key API documented here. An example of a cURL request / response is given below.
Request
curl --request GET \
  --url 'https://api.filerobot.com/fdocs/key/SECU_3268740E1C82464B9BC350D868F966CB?' \
  --header 'Content-Type: application/json'
Response
{
"status": "success",
"key": "SASS__v1.05__QM6AXCCNkN2kjR4YDOEBTNzMkQ5IEN2QjM4MUMFBDN3gjNyMzXVNURTpzYlNXCvlmLlJ3b0NncpFmLpBXYu0GdkFWczVnZboDZJoyLlRXYsBXblR3Lj9GZvshOylGZslAMwITM6U2ZhlwG6M2dJshOwl2dJshOylGZ1lAOyATM5ATOxYTM6Q3c__ca972e3142",
"hint": "New key created and ready to use",
"debug": null
}
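The request, response check and header use described above, as an added Python example for a backend that obtains an API Access Key (not Filerobot's own code). It assumes the first path segment of the sample URL (`fdocs`) is the project token and infers both identifier patterns from the page's single sample request; the response body is constructed.

```python
import json
import re
import urllib.request

API_BASE = "https://api.filerobot.com"  # host from the page's cURL example
# Assumption: both patterns are inferred from the single sample URL on the page.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")
TEMPLATE_ID_RE = re.compile(r"SECU_[0-9A-F]{32}")
# Constructed sample response (same fields as the page's response, fake key).
SAMPLE_BODY = '{"status": "success", "key": "SASS__v1.05__CONSTRUCTED__0000", "hint": "New key created and ready to use", "debug": null}'

class AccessKeyError(Exception):
    """The key endpoint did not return a usable API Access Key."""

def key_url(token, template_id):
    # Reject values that could change the request path ('/', '?', '..').
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("unexpected project token format")
    if not TEMPLATE_ID_RE.fullmatch(template_id):
        raise ValueError("unexpected Security Template identifier format")
    return f"{API_BASE}/{token}/key/{template_id}"

def parse_key_response(body):
    try:
        doc = json.loads(body)
    except (ValueError, TypeError) as exc:
        raise AccessKeyError("response is not JSON") from exc
    if not isinstance(doc, dict) or doc.get("status") != "success":
        raise AccessKeyError("key endpoint did not report success")
    key = doc.get("key")
    # The key is sent in an HTTP header, so whitespace/CRLF must never pass.
    if not isinstance(key, str) or not key or any(c.isspace() for c in key):
        raise AccessKeyError("response carries no usable key")
    return key

def http_get(url):
    with urllib.request.urlopen(urllib.request.Request(url), timeout=10) as resp:
        return resp.read().decode("utf-8")

def request_access_key(token, template_id, fetch=http_get):
    # `fetch` is injectable so the flow can be exercised offline.
    return parse_key_response(fetch(key_url(token, template_id)))

def auth_headers(key):
    return {"X-Filerobot-Key": key}

if __name__ == "__main__":
    key = request_access_key("fdocs", "SECU_" + "0" * 32, fetch=lambda url: SAMPLE_BODY)
    print(sorted(auth_headers(key)))  # header names only; the key is a credential
```

The returned Access Key is a credential for as long as the Security Template's validity period allows, so keep it out of application logs and error messages.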
If you have any questions or issues, please feel free to contact our Software Engineer and mention the following details:
- Token
- Short description of the issue (including URLs, screenshot, short video if available)
- Steps to reproduce the issue.