Authentication¶
BinDist uses API key authentication to secure all API endpoints.
API Key Format¶
API keys follow the format {tenantId}.{secret}:
- Tenant ID: Your unique account identifier
- Secret: A randomly generated secret key
Example: abc123.xYz789SecretKeyHere
Sending Your API Key¶
Include your API key in the Authorization header using Bearer authentication:
Alternatively, you can use the X-API-Key header:
Example Request¶
Key Types¶
BinDist uses two types of API keys:
Admin Keys¶
Admin keys provide full access to manage your account:
- Create and manage applications
- Upload new versions
- Create customer API keys
- View activity logs
- Manage backups
Customer Keys¶
Customer keys provide read-only access:
- List accessible applications
- List versions
- Download files
Security Best Practices¶
Never Expose Your API Key
- Don't commit API keys to version control
- Don't include API keys in client-side JavaScript
- Use environment variables or secure secret management
Regenerate Compromised Keys
If you suspect your API key has been compromised, regenerate it immediately from the Account page.
Storing API Keys Securely¶
Error Responses¶
Missing API Key¶
{
"success": false,
"error": {
"code": "UNAUTHORIZED",
"message": "Missing authentication token"
}
}