API Access Keys and Security Templates

API Access Keys are temporary keys with configurable permissions and restrictions to be used in frontend browser interactions with the Filerobot store. Their intended purpose is authenticating Filerobot widgets and plugins.

API Access Keys are generated using Security Templates.

1. Creating a Security Template

Access key templates are accessible from the Settings / Developer / Security Template modal:

Photo alt \#responsive

You can create a template that can be used on browser side.

The IDENTIFIER will be used to get the key.

By default, the identifier cannot be called more than 5 times per minute by IP.

API permissions

FILE_UPLOADUpload file
FILE_META_CREATECreate file metadata
FILE_RENAMERename file
FILE_MOVEMove file
FILE_DELETEDelete file
FILE_SET_VISIBILITYSet file visibility
DIR_CREATECreate directory
DIR_RENAMERename directory
DIR_META_CHANGECreate directory metadata
DIR_MOVEMove directory
DIR_DELETEDelete directory
DIR_SET_VISIBILITYSet dir visibility
CONFIG_CHANGEChange container configuration
CONFIG_LISTList container configuration
FILE_PRODUCT_CHANGEChange product information
OBJECTS_APPROVAL_VOTEManage approval voting

Upload limits

These settings set limits on the Upload API.

limit_per_minmaximum number of uploads per minute with the keyunlimited
limit_per_ip_sourceMaximum number of uploads allowed by IP by the keyunlimited
dir_scopeDirectories where the key is allowed to upload. If you want to allow all subdirectories of /folder, set the value to /folder/*all directories

Restrict IP limitation

It restricts API calls based on IP address ranges and/or countries.

whitelist_ip_rangesAllowed IP ranges for using the key from0.0.0.0
format accepted:,, ...
whitelist_countriesAllowed countries for using the key from.
Provide the code ISO of the country
all countries

The IP are converted to country thanks to

Key validity

This setting allows to set validity period of key, for example to match the user's session length in your authenticated application

expiration_durationtime in second before the key expires1200 s (20 minutes)

Listing limits

Sets limit on all API methods except Upload.

dir_scopedirectories from where it's allowed to list file. If you want to allow all subdirectories of /folder you need to set the value to /folder/*/* (all directories)

2. Requesting an Access Key

In order to instantiate the Filerobot Uploader widget or Filerobot Image Editor widget, you will for most use cases need to specify the filerobotUploadKey parameter for the widgets to interact with your Filerobot asset storage. When the page embedding the widget is loaded, make an API call in order to request an Access Key based on the Security Template previously created.

API Access Keys are generated by calling:

GET /key/{security_template_identifer}

{security_template_identifer}: the unique identifier of the previously created Security template.

Try it out


host: 'https://api.filerobot.com' path: /fdocs/key/SECU_3268740E1C82464B9BC350D868F966CB method: GET parameters: {} variables: {} headers: Content-Type: 'application/json' theme: clouds-midnight curlAPIKey: "" axiosTimeout: 35000 maxContentLength: 150000 render: curl_tab: true


    "status": "success",
    "key": "SASS__v1.05__QM6AXCCNkN2kjR4YDOEBTNzMkQ5IEN2QjM4MUMFBDN3gjNyMzXVNURTpzYlNXCvlmLlJ3b0NncpFmLpBXYu0GdkFWczVnZboDZJoyLlRXYsBXblR3Lj9GZvshOylGZslAMwITM6U2ZhlwG6M2dJshOwl2dJshOylGZ1lAOyATM5ATOxYTM6Q3c__ca972e3142",
    "hint": "New key created and ready to use",
    "debug": null

You can use the returned key as the filerobotUploadKey parameter in the Filerobot widget or plugin configuration.