Data Types

BytescaleJwt

Bytescale supports JWT-based authentication.

To use JWTs in your requests, please see:

https://www.bytescale.com/docs/auth

{
  "accountId": String,
  "allowedOrigins": String[],
  "exp": Integer,
  "iat": Integer,
  "sub": String
}

{
  "access": {
    "pathPermissions": [
      {
        "match": {
          "path": "/users/user-xyz",
          "scope": "Children"
        },
        "permissions": {
          "read": {
            "file": {
              "downloadFile": [
                "*"
              ],
              "getFileDetails": true
            },
            "folder": {
              "getFolderDescription": true,
              "getFolderPublicPermissions": true,
              "getFolderStorageLayer": true,
              "listFolderChildren": true
            }
          },
          "write": {
            "file": {
              "createFile": true,
              "deleteFile": true,
              "overwriteFile": true
            },
            "folder": {
              "createVirtualFolder": true,
              "deleteVirtualFolder": true,
              "setFolderDescription": true,
              "setFolderPublicPermissions": true,
              "setFolderStorageLayer": true
            }
          }
        }
      }
    ],
    "tagPermissions": {
      "write": [
        "*"
      ]
    }
  },
  "accountId": "YOUR_ACCOUNT_ID",
  "allowedOrigins": [
    "https://example.com",
    "https://www.example.com"
  ],
  "exp": 1615680311,
  "iat": 1615680311,
  "sub": "string"
}

access

The access permissions for the JWT.

If the JWT is provided together with a public API key (see above), then the permissions from the API key are merged with the JWT's permissions, taking the JWT's permissions where overlaps occur.

Type: BytescaleJwtAccess

accountId

Your account ID.

We recommend always setting this field.

You must set this field if the JWT will be passed via the Authorization request header (as opposed to via the Authorization-Token header in conjunction with an API key in the Authorization header, or as opposed to via a JWT cookie).

This means you must set this field when setting the serviceWorkerScript parameter on the AuthManager.beginAuthSession method, as the serviceWorkerScript parameter causes your JWTs to be passed via the Authorization request header instead of via the Cookie request header (to support browsers that don't support third-party cookies, like Safari).

Example: "A623uY2"

Type: String

Length: 7

allowedOrigins

Origin whitelist to prevent Cross Site Request Forgery (CSRF).

We recommend always setting this field.

Leaving this field undefined or as an empty array will disable origin whitelisting, which is strongly discouraged as it allows Cross Site Request Forgery (CSRF) for file download and file transformation requests when cookie-based auth is used with the Bytescale CDN.

In a CSRF attack (which you are protected from when this field is correctly set), a phishing site that has acquired your private file URLs through some other means can temporarily download those files if a user of your web application visits the phishing site while authenticated with your web application and using cookie-based auth with the Bytescale CDN.

You should set this field to an array of strings, where the elements represent the valid root URL(s) for your website.

Example: ["https://example.com","https://www.example.com"]

Type: String[]

exp

The time the JWT will expire in seconds since midnight 1 January 1970, UTC.

Example: 1615680311

Type: Integer

Minimum: 0

iat

The time the JWT was issued in seconds since midnight 1 January 1970, UTC.

Example: 1615680311

Type: Integer

Minimum: 0

sub

User ID from your application's database.

Bytescale doesn't currently perform any logic based on this value.

However, the value is required, and we recommend setting it to a real user ID for logging and auditing purposes.

Type: String
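
As an added example (not Bytescale's code), the following Node.js function lints a BytescaleJwt payload against the field rules described above before the token is signed. The function name, the viaAuthorizationHeader option, the strict bare-origin reading of "root URL" and the milliseconds heuristic are assumptions of this example.

```javascript
// Added example: lint a BytescaleJwt payload before signing it.
// lintBytescaleJwtClaims and viaAuthorizationHeader are hypothetical names.
function lintBytescaleJwtClaims(claims, { viaAuthorizationHeader = false } = {}) {
  const issues = [];

  // accountId: recommended always, required for the Authorization header.
  if (typeof claims.accountId !== "string" || claims.accountId.length === 0) {
    issues.push(viaAuthorizationHeader
      ? "error: accountId is required when the JWT is sent via the Authorization header"
      : "warn: accountId is not set (recommended)");
  } else if (claims.accountId.length !== 7) {
    issues.push("error: accountId must be 7 characters long");
  }

  // allowedOrigins: undefined or [] disables origin whitelisting.
  const origins = claims.allowedOrigins;
  if (!Array.isArray(origins) || origins.length === 0) {
    issues.push("warn: allowedOrigins is empty, so origin whitelisting (CSRF protection) is disabled");
  } else {
    for (const entry of origins) {
      let parsed = null;
      try { parsed = new URL(entry); } catch { /* not parseable as a URL */ }
      // Assumption: a "root URL" is a bare origin, as in the page's example.
      if (parsed === null || parsed.origin !== entry) {
        issues.push(`error: allowedOrigins entry is not a root URL: ${JSON.stringify(entry)}`);
      }
    }
  }

  // exp / iat: integer seconds since midnight 1 January 1970 UTC, minimum 0.
  for (const field of ["exp", "iat"]) {
    const value = claims[field];
    if (!Number.isInteger(value) || value < 0) {
      issues.push(`error: ${field} must be an integer >= 0`);
    } else if (value > 1e11) {
      // Heuristic (assumption): values this large are usually Date.now() milliseconds.
      issues.push(`warn: ${field} looks like milliseconds, expected seconds`);
    }
  }

  // sub: required, even though no logic is currently based on it.
  if (typeof claims.sub !== "string" || claims.sub.length === 0) {
    issues.push("error: sub is required");
  }
  return issues;
}

// Constructed sample: no accountId, whitelisting disabled, exp in milliseconds.
const weakClaims = { allowedOrigins: [], exp: 1615680311000, iat: 1615680311, sub: "user-xyz" };
console.log(lintBytescaleJwtClaims(weakClaims, { viaAuthorizationHeader: true }));
```

Run the check in the code path that builds the payload, and refuse to sign when any "error" entry is returned.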
