Data Types

Authentication

Bytescale supports multiple ways to authenticate your HTTP requests with the Bytescale API and CDN.

Easy Guide:

  1. Set your API key in the apiKey configuration field in the Bytescale SDK or Upload Widget.

  2. Alternatively: use HTTP Bearer or HTTP Basic authentication in your Bytescale API and CDN requests (if you're not using an SDK).

  3. Optional: use JWTs to elevate your users' permissions (e.g. to allow private file downloads and file deletions from frontend code).

Done! 🎉

Authentication Methods

The remainder of this page is intended for users who are not using an SDK, or would like to learn more about authentication.

The following table shows the maximum level of access supported by each authentication method; the actual level of access is configurable in the API key permissions and JWT permissions.

This table scrolls horizontally.

Authentication MethodWhere To UseWhen To UseDownload (Public Files)Transform (Public Files)Download (Private Files)Transform (Private Files)Upload FileCopy FileList FolderDelete FileDelete FolderCreate FolderCopy FolderJob Management

No Authentication

anywhere

To download public files.

Secret API Key (Bearer or Basic Auth)

backend code

To perform any operation.

Public API Key (Bearer or Basic Auth)

frontend code

To upload files.

Public API Key with JWT (Bearer Auth)

frontend code

To download private files, manage files, and upload files.

JWT Only (Bearer Auth)

frontend code

To download private files and manage files.

JWT Only (Cookie Auth)

frontend code

To download private files.


1 No Authentication

Bytescale CDN requests (i.e. file download and file transformation requests) don't require authentication by default.

You can change this behavior in the Bytescale Dashboard by making your folder(s) private.

When a folder is private, file downloads and file transformations require authentication.

Privately accessible file

By contrast, all Bytescale API operations (e.g. file uploads, file deletions, etc.) require authentication.


2 API Key Authentication (HTTP Bearer)

The easiest way to authenticate your requests is with HTTP Bearer Authentication, which looks like this:

Authorization: Bearer YOUR_API_KEY

With an SDK:

Without an SDK:

  • Add an Authorization header to your HTTP request.

  • Use your API key prefixed with "Bearer " as the header value (see above).


3 API Key Authentication (HTTP Basic)

You can also use HTTP Basic Authentication, which is functionally equivalent to HTTP Bearer Authentication, but follows a different syntax:

Authorization: Basic YXBpa2V5OllPVVJfQVBJX0tFWQ==

With an SDK:

Without an SDK:

  • Configure your HTTP client to use "Basic HTTP Authentication".

  • Set your username to: apikey (the literal string)

  • Set your password to: your API key.

    Your HTTP client will join the username and password with a : character, base-64 encode the string, and then prepend "Basic " to create the header. We recommend using HTTP Bearer Authentication when manually creating headers, since it's easier to use.


4 API Key + JWT Authentication

You can optionally add a JWT to your API key to grant additional permissions to your users at runtime.

This allows users of your frontend code to gain permissions that exceed that of a public API key.

Authorization: Bearer YOUR_API_KEY
Authorization-Token: eyJhbGciOiJIUzI1NiIsIn.eyJzdWIiOiIxMjM0NTY3ODkwIiwiaWF0Ijo.L8i6g3PfcHlioHCCPURC9pmXT7gdJ

With an SDK:

Use the Bytescale JavaScript SDK AuthManager »

The Bytescale JavaScript SDK AuthManager internally uses a combination of JWT Cookies and JWT Bearer Authentication to authenticate client-side requests to the Bytescale API and Bytescale CDN using your API key and JWT.

Without an SDK:

  • Create a JWT (see: Generating JWTs).

  • Add your JWT to the Authorization-Token header. (Do not prefix with Bearer.)

  • Add your public API key to the Authorization header. (Use HTTP Bearer or HTTP Basic authentication.)

    Only public API keys can be used with JWTs.

    Secret API keys are not intended to be used with JWTs; if you use a secret API key with a JWT, the JWT will be ignored.


5 JWT-Only Authentication (HTTP Bearer)

You can use a JWT without an API key for certain request types (see the Authentication Methods table above):

Authorization: Bearer eyJhbGciOiJIUzI1NiIsIn.eyJzdWIiOiIxMjM0NTY3ODkwIiwiaWF0Ijo.L8i6g3PfcHlioHCCPURC9pmXT7gdJ

With an SDK:

Use the Bytescale JavaScript SDK AuthManager »

The Bytescale JavaScript SDK AuthManager internally uses a combination of JWT Cookies and JWT Bearer Authentication to authenticate client-side requests to the Bytescale API and Bytescale CDN using your API key and JWT.

Without an SDK:

  • Create a JWT (see: Generating JWTs).

  • Add an Authorization header to your HTTP request.

  • Use your JWT prefixed with "Bearer " as the header value (see the example above).


Was this section helpful? Yes No

You are using an outdated browser.

This website requires a modern web browser -- the latest versions of these browsers are supported: