Authentication
Secure your API requests with proper authentication.
key
API Keys
API keys are the recommended way to authenticate server-to-server requests.
visibility
Public Key
imgfast_pk_xxxxxxxxUsed in CDN URLs. Safe to expose in client-side code.
visibility_off
Secret Key
imgfast_sk_xxxxxxxxxxxxxxxxUsed for API requests. Never expose publicly!
Using API Keys
# Include in request header
curl -X GET https://api.imgfast.io/api/v1/images \
-H "x-api-key: imgfast_sk_YOUR_SECRET_KEY"
# Or as query parameter (not recommended)
curl "https://api.imgfast.io/api/v1/images?api_key=imgfast_sk_YOUR_SECRET_KEY"token
JWT Tokens
JWT tokens are used for browser-based authentication and dashboard access.
Get a Token
# Login to get JWT token
curl -X POST https://api.imgfast.io/api/v1/auth/login \
-H "Content-Type: application/json" \
-d '{"email": "user@example.com", "password": "yourpassword"}'
# Response
{
"accessToken": "eyJhbGciOiJIUzI1NiIs...",
"expiresIn": 604800
}Use the Token
# Include in Authorization header
curl -X GET https://api.imgfast.io/api/v1/auth/me \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..."group
OAuth Providers
Sign in with your existing accounts using OAuth.
🔵Google
⚫GitHub
🟠GitLab
🔵Bitbucket
🟦Microsoft
# OAuth endpoints
GET /api/v1/auth/google # Google OAuth
GET /api/v1/auth/github # GitHub OAuth
GET /api/v1/auth/gitlab # GitLab OAuth
GET /api/v1/auth/bitbucket # Bitbucket OAuth
GET /api/v1/auth/microsoft # Microsoft OAuthsecurity
Best Practices
check_circle
Do
- • Store secret keys in environment variables
- • Use API keys for server-side code only
- • Rotate keys regularly
- • Use HTTPS for all requests
cancel
Don't
- • Never commit secret keys to version control
- • Never expose secret keys in client-side code
- • Never share keys via unencrypted channels
- • Never use the same key for development and production