Authentication
Public files readable without auth. Mutations (POST, PATCH, DELETE) always require a valid API key.
API Keys
Generate keys from dashboard. Prefixed with js_. Up to 10 keys per account.
Shown once at creation. Revoked keys cannot be recovered.
Authenticating
Bearer Header
GET
/johndoe/analytics-data
const res = await fetch("https://json.shahriyar.dev/johndoe/analytics-data", {
method: "GET",
headers: { Authorization: "Bearer js_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" },
})
const data = await res.json()
console.log(data)POST
/johndoe/products
const res = await fetch("https://json.shahriyar.dev/johndoe/products", {
method: "POST",
headers: { Authorization: "Bearer js_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" },
body: JSON.stringify({...}),
})
const data = await res.json()
console.log(data)Query Parameter
GET /<username>/<filename>?api_key=js_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxPrivate Files
Mark file private to block anonymous reads. Unauthenticated requests return:
401— mutation without key403— reading private file without key
{ "success": false, "error": "Unauthorized" }Keys
Manage keys from dashboard: view masked keys (first 8 + last 4 chars), see last used timestamp, revoke.