API keys and CORS Ajax calls

Each restdb.io database has a RESTful API so that you can manage data using the HTTP protocol (GET, POST, PUT, PATCH, DELETE).


To authenticate and authorize each REST call, an apikey or JWT token must be supplied, either as a query parameter or as an HTTP header field ("x-apikey"). By default, each database in restdb.io has an apikey for universal access.

Note: You can also authenticate with an Auth0 / JWT token to identify users; see the docs.

You must be an admin of the database in order to add or change apikeys. Just click the 'Manage' button to go to the database settings pages.


Click on the "API" tab. Here you can reset the full-access apikey and create any number of scoped/filtered/limited-access apikeys, also referred to as CORS apikeys.

Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the resource originated.


Let's say that we need to track and store some specific events on our e-commerce site. Given that we have an "Events" collection in our database, we can create a new, scoped apikey that will allow POSTs to this collection from "mysite.com".


The REST API path uses "globs" for matching, giving you a flexible way to narrow down the scope of the apikey.
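
The sketch below is an added example, not restdb.io's own code. It models how a scoped apikey like the "Events" one above narrows a request by method, path glob and origin. The glob rules ("*" stays within one path segment, "**" crosses segments), the key object layout and the host `db.example` are assumptions made for illustration.

```javascript
// Illustrative model of a scoped (CORS) apikey check; not restdb.io's implementation.
// Assumed glob rules: "*" matches inside one path segment, "**" matches across segments.
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, "\\$&"); // escape regex metacharacters
  const pattern = escaped
    .replace(/\*\*/g, "\u0000")   // protect "**" before handling single "*"
    .replace(/\*/g, "[^/]*")
    .replace(/\u0000/g, ".*");
  return new RegExp("^" + pattern + "$"); // anchored: the whole path must match
}

// Returns { ok, reason } so a denied request says which part of the scope it failed.
function isAllowed(key, req) {
  const path = new URL(req.url).pathname; // the query string is not part of the path
  if (!key.methods.includes(req.method.toUpperCase())) return { ok: false, reason: "method" };
  // Exact comparison: a prefix or substring test would also accept
  // "https://mysite.com.evil.example".
  if (req.origin !== key.origin) return { ok: false, reason: "origin" };
  if (!globToRegExp(key.path).test(path)) return { ok: false, reason: "path" };
  return { ok: true, reason: null };
}

// Constructed sample: a key that may only POST to the Events collection from mysite.com.
const eventsKey = { methods: ["POST"], path: "/rest/events", origin: "https://mysite.com" };

// Constructed sample requests against a placeholder host.
const BASE = "https://db.example";
const samples = [
  { method: "POST", url: BASE + "/rest/events", origin: "https://mysite.com" },
  { method: "GET", url: BASE + "/rest/events", origin: "https://mysite.com" },
  { method: "POST", url: BASE + "/rest/customers", origin: "https://mysite.com" },
  { method: "POST", url: BASE + "/rest/events", origin: "https://mysite.com.evil.example" },
];

for (const req of samples) {
  const verdict = isAllowed(eventsKey, req);
  console.log(req.method, new URL(req.url).pathname, req.origin, "->",
    verdict.ok ? "allowed" : "denied (" + verdict.reason + ")");
}
```

A key embedded in page JavaScript is readable by every visitor, and the Origin header is only set reliably by browsers, so the method and path scope is what bounds what such a key can do.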