Authentication overview
PageCDN provides mechanisms to authenticate requests for managing your CDN resources and settings. This ensures that only authorized users or applications can access and modify your account configurations, upload assets, or interact with administrative APIs. The primary method for programmatic interaction is through API keys, while Basic Authentication can be used for certain dashboard-related functions or legacy integrations. All authentication should occur over HTTPS to protect credentials in transit, in line with general web security recommendations from organizations such as the World Wide Web Consortium.
Authentication on PageCDN is designed to be straightforward, focusing on secure access to your static asset delivery infrastructure. Developers integrate these methods into their deployment pipelines or custom tools to automate tasks such as cache invalidation, asset uploads, or configuration updates. Proper management of these credentials is a critical aspect of maintaining the security posture of your deployed web properties.
Supported authentication methods
PageCDN supports two primary authentication methods for different use cases:
- API Key: This is the recommended method for programmatic access to PageCDN's management APIs. API keys are long, randomly generated strings that grant specific permissions to perform actions on your account. They are suitable for integration with build systems, deployment scripts, and custom applications. API keys can often be configured with granular permissions, limiting the scope of actions an application can perform, which is a common security practice for managing API key access.
- Basic Authentication: This method typically involves a username and password, base64-encoded and sent in the Authorization header of an HTTP request. While less flexible than API keys for granular permissions, Basic Authentication may be used for certain direct interactions with the PageCDN dashboard or specific administrative endpoints where a user's login credentials are required.
Authentication Method Comparison
| Method | When to Use | Security Level |
|---|---|---|
| API Key | Programmatic access, CI/CD pipelines, automated scripts, third-party integrations. | High (when properly managed and scoped with granular permissions). |
| Basic Authentication | Direct user login to dashboard, specific administrative tasks requiring user credentials. | Medium (reliant on strong password policies and HTTPS). |
Getting your credentials
To interact with PageCDN programmatically, you will need to generate an API key from your account dashboard. The process generally involves:
- Log in to your PageCDN account: Access the PageCDN dashboard using your registered username and password (PageCDN documentation).
- Navigate to API Settings: Look for a section related to API keys, integrations, or security settings within your account management area.
- Generate New API Key: Follow the prompts to create a new API key. During this process, you may be able to define specific permissions or scopes for the key, such as read-only access, cache invalidation privileges, or asset upload capabilities. It is a best practice to grant only the minimum necessary permissions to each key.
- Securely Store Your Key: Once generated, the API key will typically be displayed only once. Copy it immediately and store it in a secure location. Do not hardcode API keys directly into your source code or commit them to public version control systems.
For Basic Authentication, your credentials are your PageCDN account username (usually your email address) and password. These are the same credentials you use to log into the PageCDN dashboard.
Authenticated request example
When using an API key, you typically include it in the Authorization header of your HTTP requests. The exact header format might vary, but a common pattern is to use a custom scheme or include it as a bearer token, depending on the specific PageCDN API endpoint you are targeting. Always refer to the official PageCDN API documentation for the precise header format and endpoint details (PageCDN API documentation).
Example using an API Key (conceptual)
Assuming a hypothetical PageCDN API endpoint for invalidating a cache and an API key named YOUR_PAGECDN_API_KEY:
```sh
curl -X POST \
  https://api.pagecdn.com/v1/cache/invalidate \
  -H 'Authorization: Bearer YOUR_PAGECDN_API_KEY' \
  -H 'Content-Type: application/json' \
  -d '{ "paths": ["/css/style.css", "/js/app.js"] }'
```
In this example, replace YOUR_PAGECDN_API_KEY with the actual API key you generated. The Bearer prefix is a common convention for OAuth 2.0 bearer tokens, though some APIs instead expect the key in a dedicated header such as X-Api-Key.
Example using Basic Authentication (conceptual)
For Basic Authentication, you would encode your username and password as username:password in Base64 and include it in the Authorization header with the Basic prefix.
```sh
curl -X GET \
  https://api.pagecdn.com/v1/account/info \
  -H 'Authorization: Basic BASE64_ENCODED_USERNAME_PASSWORD'
```
Where BASE64_ENCODED_USERNAME_PASSWORD is the Base64 encoding of your account email address and password in the form email:your_password. You can generate this string using various online tools or programming language functions (e.g., echo -n 'username:password' | base64 on Linux/macOS); prefer a local command, because an online encoder receives your password.
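The encoding step described above, written as shell functions. This is an added example, not PageCDN's code: the function names are hypothetical and the credentials are constructed sample values. It also shows the reverse step, which is why Basic Authentication depends on HTTPS.

```sh
# Added example (not PageCDN code). Function names are hypothetical and any
# credentials passed in are expected to be constructed sample values.

# Build the Basic header from a username ($1) and password ($2).
basic_auth_header() {
    # RFC 7617: the user-id must not contain ':' because the first colon
    # separates it from the password when the server decodes the value.
    case "$1" in
        *:*) echo "username must not contain ':'" >&2; return 1 ;;
    esac
    # printf replaces `echo -n`, which is not portable across shells.
    # tr strips the line breaks GNU base64 inserts every 76 characters; a
    # wrapped value would split the header across lines.
    printf 'Authorization: Basic %s' \
        "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# Recover "username:password" from a header. Base64 is reversible by anyone
# who sees the header, so the password is only protected inside TLS.
decode_basic_header() {
    printf '%s' "${1#Authorization: Basic }" | base64 -d
}
```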
Security best practices
Adhering to security best practices is essential when managing and using your PageCDN credentials to prevent unauthorized access and maintain the integrity of your content delivery:
- Use HTTPS for all API interactions: Always ensure that all communication with PageCDN APIs occurs over HTTPS. This encrypts the data in transit, protecting your API keys and other sensitive information from eavesdropping (Mozilla Developer Network on HTTPS).
- Never hardcode credentials: Avoid embedding API keys or passwords directly into your application's source code. Use environment variables, secure configuration files, or dedicated secret management services.
- Implement least privilege: When generating API keys, grant only the minimum necessary permissions required for the specific task the key will perform. For example, if a key is only needed for cache invalidation, do not give it permissions to upload or delete assets.
- Rotate credentials regularly: Periodically generate new API keys and revoke old ones. This practice reduces the risk associated with a compromised key, as its validity period is limited.
- Monitor API key usage: If PageCDN provides logging or monitoring features for API key usage, review these logs regularly for any suspicious activity or unauthorized access attempts.
- Secure development environments: Ensure that your development and testing environments are secure and that API keys are not exposed during development or deployment processes.
- Use strong, unique passwords: For Basic Authentication or your PageCDN account login, use strong, unique passwords and consider enabling multi-factor authentication if available.
- Revoke compromised keys immediately: If you suspect an API key has been compromised, revoke it immediately through your PageCDN dashboard and generate a new one.
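One way to apply the "Use HTTPS" and "Never hardcode credentials" items to the conceptual cache-invalidation call. This is an added example, not PageCDN's code: the PAGECDN_API_KEY variable name, the function names, the endpoint and the Bearer header format are assumptions carried over from the conceptual example above.

```sh
# Added example (not PageCDN code). PAGECDN_API_KEY, the function names and
# the endpoint URL are assumptions taken from the conceptual curl example.

# Accept only https:// URLs without characters that could alter the config.
require_https() {
    case "$1" in
        *'"'*|*' '*) echo "refusing URL with quote or space" >&2; return 1 ;;
        https://*) return 0 ;;
        *) echo "refusing non-HTTPS URL: $1" >&2; return 1 ;;
    esac
}

# Print a curl config for `curl --config -`. The key travels on stdin, so it
# never appears in the process argument list.
pagecdn_curl_config() {
    require_https "$1" || return 1
    if [ -z "${PAGECDN_API_KEY:-}" ]; then
        echo "PAGECDN_API_KEY is not set" >&2; return 1
    fi
    # Allow only token characters so a malformed key cannot inject options.
    case "$PAGECDN_API_KEY" in
        *[!A-Za-z0-9._~+/=-]*) echo "unexpected character in key" >&2; return 1 ;;
    esac
    printf 'url = "%s"\n' "$1"
    printf 'proto = "=https"\n'        # curl itself refuses other protocols
    printf 'proto-redir = "=https"\n'  # ...including when following redirects
    printf 'header = "Authorization: Bearer %s"\n' "$PAGECDN_API_KEY"
    printf 'header = "Content-Type: application/json"\n'
}

# Usage: pagecdn_invalidate '{ "paths": ["/css/style.css", "/js/app.js"] }'
pagecdn_invalidate() {
    cfg=$(pagecdn_curl_config "https://api.pagecdn.com/v1/cache/invalidate") || return 1
    printf '%s\n' "$cfg" | curl --silent --show-error --fail --config - --data "$1"
}
```

Set PAGECDN_API_KEY from your CI secret store or secret manager rather than in a committed file; the script fails closed when the variable is missing.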