Authentication

How to authenticate requests to the FastPic API.

All FastPic public API endpoints (api.fastpic.pro/v1/*) require authentication using an API key. media.fastpic.pro endpoints are public for public-visibility images and require signed URLs for private images.

Creating an API key

Create an API key from your dashboard at app.fastpic.pro/keys. The key is shown to you once at creation — store it securely. FastPic only stores a SHA-256 hash; we cannot recover the plaintext value.

app.fastpic.pro/keys →

Using your API key

Send the key as a Bearer token in the Authorization header:

HTTP request

GET /v1/images HTTP/1.1
Host: api.fastpic.pro
Authorization: Bearer fp_live_a1b2c3d4e5f6...

Key format

Production keys start with fp_live_ followed by 43 url-safe base64 characters. Test keys (coming soon) will use fp_test_.

Rotating keys

Revoke a key from the dashboard. Revocation is immediate. Generate a new key, deploy it, then revoke the old one to avoid downtime.

Security best practices

Best practices

Never commit API keys to source control. Use environment variables. Restrict keys to the minimum scopes you need. Rotate keys at least every 90 days.