Introducing Scoped API Keys
We’re excited to announce a major release that has been in the planning stages for a long time. We’re introducing a new way to generate API keys that will give you far more control over the apps you build with Pinata.
I won’t keep you waiting. Let’s dive in.
Scoped API Keys
Prior to this release, each Pinata account was issued one API Key and one API Secret. With our new scoped keys feature, not only can you issue multiple keys, but you can now do the following:
- Revoke keys
- Add permissions to keys for specific endpoints
- Limit the number of times a key can be used
- Name keys for easy reference
Scoped API Keys pave the way to a whole slew of new opportunities for developers. Keys can be scoped to individual users of your application. They can be scoped to specific functionality you want to unlock. They can be issued on the fly for quick, one-time access to features. There are so many things you can do with these scoped keys, and we can’t wait to see what you build.
What Does It Mean For You?
The new key paradigm essentially unleashes all of the creative potential you had locked up. If there was something you wanted to build but didn’t think you could build with Pinata, well, chances are you can build it now.
For example, many applications have read-only functionality. Before this release, to implement fetches of read-only content, you would have had to build services and middleware on top of what Pinata was already offering. Now, you can simply generate a read-only key, give it to your users, and they can fetch content from your Pinata account without any additional work on your part.
How about projects? Many of you build multiple applications. It was a pain keeping those applications separate within your Pinata account with the single key/secret paradigm. Now, you can generate keys and secrets for each of your projects and find them easily in the API Keys interface.
There are thousands of other use cases enabled by this new functionality. Let your creative juices flow and build something awesome.
What You’ll See In The App
In the process of building this new functionality, we also rewrote the entire authentication system and key management system. We previously didn’t have session timeouts when you logged into your Pinata account, and that was something we wanted to address. We now have one-hour timeouts. We may change this timeframe in the future, but we thought it was a good starting point for now.
Another change you’ll spot is that your API Key and Secret are no longer shown on your account page. We moved all key management to a new API Keys page. All API Secrets are encrypted in our database to add an extra layer of security. Because of this, we now take a similar approach to other developer platforms when issuing keys. We will show you your API Secret and your bearer token just once. Should you forget your key information, you can always revoke the existing key and issue a new one.
To access your API Keys and generate new ones simply click the avatar dropdown in the top-right. Then, click API Keys. Simple as that.
We expect 2021 to be an exciting year for IPFS, and Pinata. We have some great new features to release next year, so stay tuned for more updates.