FileSpin supports three authentication methods. Choose the one that best fits your use case.
| Method | Header | Best For |
|---|
| API Key | X-FileSpin-Api-Key: {API_KEY} | Server-to-server integration, backend services, scripts |
| JWT Bearer Token | Authorization: Bearer {JWT} | Web applications, single-page apps, interactive sessions |
Choosing the Right Method
| Consideration | API Key | JWT |
|---|
| User interaction required | No | Yes (login) |
| Token lifetime | Long-lived | 24 hours |
| Scoped access | No (full access) | No (full access) |
| Refresh mechanism | N/A | Re-login |
| Best security model | Server-side only | Short-lived, user-bound |