E
EgiStr HUB|v1.0
DashboardGitHub

API Authentication

All external API endpoints require authentication via API keys. This page explains how to obtain and use API keys securely.

Obtaining an API Key

API keys are managed through the Manager Dashboard, not the EDS dashboard directly.

  1. Access the Manager Dashboard at /dashboard/api-keys
  2. Click "Generate New Key"
  3. Enter a descriptive name (e.g., "Python Backup Script")
  4. Click "Generate Key"
  5. Copy the key immediately - it will only be displayed once!

⚠️ Important

The full API key is only shown once at creation time. Store it securely. If you lose it, you'll need to generate a new one.

Key Format

API keys follow this format:

exstr_live_[32 random hex characters]

Example:
exstr_live_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6

Using the API Key

Include the API key in the x-api-key HTTP header for all requests:

HTTP Headers
x-api-key: exstr_live_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
Content-Type: application/json

cURL Example

Terminal
curl -X POST https://your-domain.com/api/v1/storage/upload \
  -H "x-api-key: exstr_live_..." \
  -H "Content-Type: application/json" \
  -d '{"filename": "test.txt", "mimeType": "text/plain", "size": 1024}'

Python Example

Python
import requests
import os

# Use environment variable for security
API_KEY = os.environ.get("EDS_API_KEY")

response = requests.post(
    "https://your-domain.com/api/v1/storage/upload",
    headers={
        "x-api-key": API_KEY,
        "Content-Type": "application/json"
    },
    json={
        "filename": "data.csv",
        "mimeType": "text/csv",
        "size": 2048
    }
)

JavaScript Example

JavaScript
const API_KEY = process.env.EDS_API_KEY;

const response = await fetch('https://your-domain.com/api/v1/storage/upload', {
  method: 'POST',
  headers: {
    'x-api-key': API_KEY,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    filename: 'data.json',
    mimeType: 'application/json',
    size: 4096,
  }),
});

const result = await response.json();

Error Responses

HTTP StatusErrorDescription
401Missing API keyThe x-api-key header is not present
401Invalid or inactive API keyThe key doesn't exist or has been deactivated

Best Practices

  • Never hardcode API keys - Use environment variables
  • Rotate keys regularly - Generate new keys and revoke old ones
  • Use descriptive names - Makes it easy to identify which key is used where
  • Monitor usage - Check lastUsedAt to detect unused or compromised keys
  • Revoke immediately - If a key is compromised, deactivate it in the dashboard

Next Steps

Next

Upload Endpoint →