Create Access Keys API

You could use Master Key to do any operation on various API endpoints on JSONBin.io. While using this is highly feasible on the backend but not appropriate on the Frontend.

Exposing the Master Key while trying to read a record in Frontend might end up exposing your key to other users which may carry any operation on your JSONBin records with the Master Key.

In-order to fix the above, you can now create an Access Key using which, you can now configure and grant access to specific API endpoints for specific Access Keys.

Users who has the key can only access those API endpoints to which the access is granted.

Root

https://api.jsonbin.io/v3

Route

/a

Request Type

DELETE

Request Headers

Below are the list of Accepted Request Headers if you are trying to Create a JSON record.

Request Header	Value	Required
X-Master-Key	<API_KEY>	Yes

Content-Type Required

Set the Content-Type header to application/json. This needs to be passed with every POST request you make on the Create Access Keys Route. Failing to pass this in the Header will result in an error.

X-Master-Key Required

X-Master-Key is nothing but your Core API Access Key. You will need this Key to access mostly any API end-point on JSONBin. You could find the key on the API Keys page.

X-Key-Name Required

You can set the Key Name using X-Key-Name header. You can set a maximum of 32 characters as Key Name.

Payload Sample

Info As of now, you can only configure API Access Keys for Bins API. Going forward, we will add more endpoints which can be configured to access using API Access Keys.

{
  bins: {
    read: true,
    update: false,
    delete: false,
    create: true,
  }
}

Code Samples

cURL
JavaScript (ES6)
Python 3
Ruby

curl -v\
  -H "Content-Type: application/json" \
  -H "X-Master-Key: <YOUR_API_KEY>" \
  -H "X-Key-Name: <ACCESS_KEY_NAME>" \
  --request POST \
  --data "<PAYLOAD_SAMPLE>" \
    https://api.jsonbin.io/v3/a

let req = new XMLHttpRequest();

req.onreadystatechange = () => {
  if (req.readyState == XMLHttpRequest.DONE) {
    console.log(req.responseText);
  }
};
  
req.open("POST", "https://api.jsonbin.io/v3/a", true);
req.setRequestHeader("Content-Type", "application/json");
req.setRequestHeader("X-Master-Key", "<YOUR_API_KEY>");
req.setRequestHeader("X-Key-Name", "<ACCESS_KEY_NAME>");
req.send('<PAYLOAD_SAMPLE>');

import requests
url = 'https://api.jsonbin.io/v3/a'
headers = {
  'Content-Type': 'application/json',
  'X-Master-Key': '<YOUR_API_KEY>',
  'X-Key-Name': '<ACCESS_KEY_NAME>'
}
data = <PAYLOAD_SAMPLE>

req = requests.post(url, json=data, headers=headers)
print(req.text)

require 'net/http'
require 'json'

uri = URI("https://api.jsonbin.io/v3/a")
res = Net::HTTP.start(uri.host, uri.port, use_ssl: true) do |http|
  req = Net::HTTP::Post.new(uri)
  req['Content-Type'] = 'application/json'
  req['X-Master-Key'] = '<YOUR_API_KEY>'
  req['X-Key-Name'] = '<ACCESS_KEY_NAME>'

  req.body = <PAYLOAD_SAMPLE>.to_json
  http.request(req)
end

puts res.body

Request Response

Success Status Code: 200

{
  "accessKey": "<ACCESS_KEY>",
  "keyPermissions": {
      "bins": {
          "update": false,
          "delete": false,
          "create": true,
          "read": true
      }
  },
  "accessKeyId": "<ACCESS_KEY_ID>",
  "metadata": {
      "name": "<ACCESS_KEY_NAME>"
  }
}

Error Status Code: 400, 401, 403, 404

{
  "message": "<Error Message>"
}

For more information on the error codes & errors you might possibly encounter, refer to the below section.

Error Reference

400 Bad Request
401 Unauthorized
403 Forbidden

X-Key-Name cannot be blank

You need to pass X-Key-Name to set the Name of the Access Key. This header is compulsory.

Name of the Key name cannot be above 32 characters

You'll encounter this error if your Access Key name is more than 32 characters.

Validation failed, please try again

You need to pass the exact payload as suggested above in the document.

Create a Free Account

Create an Account View Pricing

{}jsonbin.io