You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Bytescale Upload Widget uses the `apiKey` parameter to authenticate with [Bytescale](https://www.bytescale.com/).
378
378
379
379
With API key auth, the requester has access to the resources available to the API key:
380
380
381
-
- Secret API keys (`secret_***`) have access to all API endpoints ([Bytescale JavaScript SDK](https://www.bytescale.com/docs/sdks/javascript)).
381
+
- Secret API keys (`secret_***`) have access to all API endpoints (see: [Bytescale JavaScript SDK](https://www.bytescale.com/docs/sdks/javascript)).
382
382
383
383
- Public API keys (`public_***`) have access to file upload, file download, and file listing API endpoints. File overwrites, file deletes, and all other destructive operations cannot be performed using public API keys. File listing is also disabled by default (but can be changed in the API key's settings).
384
384
385
385
You must always use **public API keys** (e.g. `public_***`) in your client-side code.
386
386
387
387
Each API key can have its read/write access limited to a subset of files/folders.
388
388
389
-
### JWT Cookies
389
+
### JWTs
390
390
391
-
JWT cookies are optional.
391
+
JWTs are optional.
392
392
393
-
With JWT cookies, the user can download private files directly via the URL, as authorization is performed implicitly via a session cookie. This allows the browser to display private files in `<img>` and `<video>` elements.
393
+
With JWTs, the user can download private files directly via the URL, as authentication is performed implicitly via a session cookie_or_ via an `authorization` header if service workers are used (see the `serviceWorkerScript` param on the `AuthManager.beginAuthSession` method). This allows the browser to display private files in `<img>` and `<video>` elements.
394
394
395
-
With JWT cookies, the user can also upload files to locations that aren't otherwise permitted by the API key, but are permitted by the [JWT's payload](https://www.bytescale.com/docs/types/BytescaleJwt). This is because the [Bytescale Upload Widget](https://www.bytescale.com/docs/upload-widget) internally uses the [Bytescale JavaScript SDK](https://www.bytescale.com/docs/sdks/javascript) to perform file uploads, and the Bytescale JavaScript SDK automatically injects the user's JWT into all API requests once the `AuthManager.beginAuthSession` method has been called.
395
+
With JWTs, the user can also perform API requests, such as file uploads, as these can be granted by the [JWT's payload](https://www.bytescale.com/docs/types/BytescaleJwt). This is because the [Bytescale Upload Widget](https://www.bytescale.com/docs/upload-widget) internally uses the [Bytescale JavaScript SDK](https://www.bytescale.com/docs/sdks/javascript) to perform file uploads, and the Bytescale JavaScript SDK automatically injects the user's JWT into all API requests once the `AuthManager.beginAuthSession` method has been called.
396
396
397
-
_Note: when using JWT cookies to download files, the `?auth=true` query parameter must be added to the URL._
398
-
399
-
[Learn more about the `AuthManager` and JWT cookies »](https://www.bytescale.com/docs/authorization#jwt-cookie)
397
+
[Learn more about the `AuthManager` and JWTs »](https://www.bytescale.com/docs/auth)
0 commit comments