From 48c7f0422ee32a2bb60a6724c562fae51ae87311 Mon Sep 17 00:00:00 2001 From: Lawrence Wagerfield Date: Sat, 16 Dec 2023 00:27:00 +0000 Subject: [PATCH] Upgrade Bytescale SDK. Update docs around auth. --- README.md | 8 ++++---- lib/package-lock.json | 14 +++++++------- lib/package.json | 2 +- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 02debef..b514bfb 100644 --- a/README.md +++ b/README.md @@ -393,9 +393,9 @@ The Bytescale Upload Widget uses the `apiKey` parameter to authenticate with [By With API key auth, the requester has access to the resources available to the API key: -- Secret API keys (`secret_***`) have access to all API endpoints (see: [Bytescale JavaScript SDK](https://www.bytescale.com/docs/sdks/javascript)). +- Secret API keys (`secret_***`) can perform all API operations (see: [Bytescale JavaScript SDK](https://www.bytescale.com/docs/sdks/javascript)). -- Public API keys (`public_***`) have access to file upload, file download, and file listing API endpoints. File overwrites, file deletes, and all other destructive operations cannot be performed using public API keys. File listing is also disabled by default (but can be changed in the API key's settings). +- Public API keys (`public_***`) can perform file uploads and file downloads only. File overwrites, file deletes, and all other destructive operations cannot be performed using public API keys. You must always use **public API keys** (e.g. `public_***`) in your client-side code. @@ -405,9 +405,9 @@ Each API key can have its read/write access limited to a subset of files/folders JWTs are optional. -With JWTs, the user can download private files directly via the URL, as authentication is performed implicitly via a session cookie _or_ via an `authorization` header if service workers are used (see the `serviceWorkerScript` param on the `AuthManager.beginAuthSession` method). This allows the browser to display private files in `` and `