Appearance
Managing API Keys
FeedPress provides a powerful API that allows you to integrate FeedPress into your website, application, or workflow. API keys are used to authenticate your requests and ensure secure access to your account data.
What are API keys and tokens?
FeedPress uses a two-part authentication system for API access:
API Keys
API keys identify your application or integration. Each API key:
- Identifies which application or integration is making requests
- Represents a specific app (e.g., "Mobile App", "WordPress Plugin")
- Persists across users and sessions
- Can be shared across multiple users of the same application
Tokens
Tokens authenticate individual users for OAuth-style authentication. Each token:
- Authenticates a specific user accessing the API
- Associates with a particular API key
- Provides user-level authorization and permissions
- Can be generated and deleted as needed for each user
How they work together: The API key identifies what application is making the request, while the token identifies who (which user) is making the request.
Accessing API key management
- Log into your FeedPress account
- Navigate to Account settings (click your username in the top menu)
- Select "API" from the account menu
- You'll see the API key management page with your existing keys
Creating an API key
Step 1: Navigate to the API page
From your FeedPress account dashboard:
- Click on your username in the top navigation
- Select API from the account menu
Step 2: Create a new API key
- Scroll down to the "Create New API Key" section
- Fill in the required information:
- Application name: A descriptive name for your application or integration
- Examples: "Mobile App", "WordPress Plugin", "Analytics Dashboard"
- Short description: What this API key will be used for
- Examples: "iOS app for feed management", "Website integration for stats display"
- Application name: A descriptive name for your application or integration
- Click "Create API Key"
Step 3: Copy your API key
Once created, your new API key will appear in the table with:
- Name: Your application name
- Description: Your usage description
- API Key: A unique identifier (looks like:
507f1f77bcf86cd799439011)
Important: Copy your API key immediately and store it securely. You'll need this key for all API requests.
Managing your API keys
Viewing existing API keys
The API keys table displays all your active keys with:
- Name: Application or integration name
- Description: Purpose of the API key
- API Key: The unique identifier for authentication
- Token: Your personal authentication token for this API key
- Actions: Available operations (delete API key)
Best practices for API keys
Security
- Keep keys secret: Never share your API keys publicly
- Store securely: Use environment variables or secure configuration files
- Don't commit to Git: Add API keys to
.gitignoreto prevent accidental commits - One key per application: Create separate keys for different apps or integrations
Organization
- Use descriptive names: Make it easy to identify each key's purpose
- Document usage: Note where each key is used in your infrastructure
- Review regularly: Periodically audit your keys and remove unused ones
Deleting API keys
When you no longer need an API key:
- Locate the key in the API keys table
- Click "Delete" in the Actions column
- Confirm the deletion when prompted
Warning: Deleting an API key immediately revokes access for any applications using that key. Ensure you're not deleting a key that's actively in use.
Managing tokens
Tokens provide user-level authentication for API keys, supporting OAuth-style authentication where the key identifies the application and the token authenticates the user.
Generating a token
To create a token for an API key:
- Locate the API key in the table
- Find the Token column for that key
- Click "Generate Token" (green button)
- Copy the token that appears - it will look like:
67890abcdef12345
Each user can have one token per API key. If a token already exists, you'll see it displayed instead of the generate button.
Using tokens
Tokens can be used in API requests for user-specific authentication:
GET https://api.feedpress.com/feeds.json?token=YOUR_TOKENWhen to use tokens vs API keys:
- Use API keys for application-level authentication (single app, multiple potential users)
- Use tokens for user-level authentication (OAuth flows, multi-user applications)
Deleting tokens
To revoke a token:
- Locate the token in the Token column
- Click the small "Delete" button next to the token
- Confirm the deletion when prompted
Deleting a token immediately revokes that user's access for that API key, but the API key itself remains active.
Token security
- Keep tokens private: Tokens authenticate YOU specifically
- Don't share tokens: Each user should generate their own token
- Regenerate if compromised: Delete and regenerate tokens if exposed
- One token per key: You can only have one active token per API key
When to use tokens
Tokens are ideal for scenarios where you need user-level authentication:
Multi-user applications
- SaaS platforms where each customer needs their own FeedPress access
- Team collaboration tools where different team members access FeedPress
- White-label solutions serving multiple clients
OAuth-style integrations
- Third-party services that connect to FeedPress on behalf of users
- Browser extensions or desktop apps that require user authentication
- Mobile apps with individual user accounts
Enhanced security
- Limiting exposure by using tokens instead of sharing API keys
- Providing granular access control per user
- Easy revocation without affecting the entire application
Using the FeedPress API
Authentication
FeedPress supports two authentication methods:
Method 1: API Key Authentication (Application-level)
GET https://api.feedpress.com/feeds.json?key=YOUR_API_KEYUse this when your application authenticates as itself, not on behalf of specific users.
Method 2: Token Authentication (User-level)
GET https://api.feedpress.com/feeds.json?token=YOUR_TOKENUse this for user-specific authentication, especially in multi-user applications or OAuth flows.
Replace YOUR_API_KEY or YOUR_TOKEN with your actual credentials from the API management page.
Common API endpoints
List all your feeds
GET https://api.feedpress.com/feeds.json?key=YOUR_API_KEYReturns a JSON array of all your feeds with their details.
Get feed statistics
GET https://api.feedpress.com/feed/{feed_id}/stats.json?key=YOUR_API_KEYReturns statistics for a specific feed, including:
- Total hits
- Subscriber counts
- Geographic data
- User agent information
Get subscriber data
GET https://api.feedpress.com/feed/{feed_id}/subscribers.json?key=YOUR_API_KEYReturns subscriber information and trends for a specific feed.
Response format
All API responses are returned in JSON format:
json
{
"success": true,
"data": {
"feeds": [
{
"id": "yourfeed",
"title": "Your Podcast Title",
"url": "https://feeds.feedpress.com/yourfeed"
}
]
}
}API usage examples
Using cURL
bash
# List all feeds (using API key)
curl "https://api.feedpress.com/feeds.json?key=YOUR_API_KEY"
# List all feeds (using token)
curl "https://api.feedpress.com/feeds.json?token=YOUR_TOKEN"
# Get feed statistics
curl "https://api.feedpress.com/feed/yourfeed/stats.json?key=YOUR_API_KEY"Using JavaScript (fetch)
javascript
const API_KEY = 'YOUR_API_KEY';
const TOKEN = 'YOUR_TOKEN';
const API_BASE = 'https://api.feedpress.com';
// Fetch all feeds (using API key)
fetch(`${API_BASE}/feeds.json?key=${API_KEY}`)
.then(response => response.json())
.then(data => {
console.log('Your feeds:', data);
})
.catch(error => {
console.error('Error fetching feeds:', error);
});
// Fetch all feeds (using token for user authentication)
fetch(`${API_BASE}/feeds.json?token=${TOKEN}`)
.then(response => response.json())
.then(data => {
console.log('Your feeds:', data);
})
.catch(error => {
console.error('Error fetching feeds:', error);
});Using Python (requests)
python
import requests
API_KEY = 'YOUR_API_KEY'
API_BASE = 'https://api.feedpress.com'
# Fetch all feeds
response = requests.get(f'{API_BASE}/feeds.json?key={API_KEY}')
feeds = response.json()
print('Your feeds:', feeds)Using PHP
php
<?php
$apiKey = 'YOUR_API_KEY';
$apiBase = 'https://api.feedpress.com';
// Fetch all feeds
$response = file_get_contents("{$apiBase}/feeds.json?key={$apiKey}");
$feeds = json_decode($response, true);
print_r($feeds);
?>Common use cases
Website integration
Display your podcast or blog statistics on your website using the API to fetch real-time data.
Mobile applications
Build mobile apps that allow you to manage feeds, view statistics, and monitor subscriber growth.
Analytics dashboards
Create custom dashboards that combine FeedPress data with other metrics for comprehensive reporting.
Automated workflows
Use the API to automate tasks like:
- Generating weekly reports
- Sending alerts when subscriber thresholds are reached
- Syncing data with other platforms
Third-party integrations
Connect FeedPress with other services like:
- Zapier workflows
- Google Sheets for data analysis
- Slack for notifications
- CRM systems for subscriber management
Troubleshooting
"Invalid API key" error
- Verify the key: Ensure you're using the complete API key exactly as shown
- Check for spaces: Remove any extra spaces before or after the key
- Confirm it exists: Check that the key hasn't been deleted from your account
"Unauthorized" error
- Verify ownership: Ensure you're accessing feeds that belong to your account
- Check permissions: Some endpoints may require specific account permissions
Rate limiting
The FeedPress API has rate limits to prevent abuse:
- Be reasonable: Don't make excessive requests in short periods
- Cache responses: Store API data locally and refresh periodically
- Use webhooks: For real-time updates, consider webhooks instead of polling
No data returned
- Check feed ID: Ensure you're using the correct feed identifier
- Verify feed exists: Confirm the feed is active in your account
- Review parameters: Check that all required parameters are included
Security best practices
Protecting your API keys and tokens
In code
javascript
// ❌ Bad - hardcoded credentials
const apiKey = '507f1f77bcf86cd799439011';
const token = '67890abcdef12345';
// ✅ Good - use environment variables
const apiKey = process.env.FEEDPRESS_API_KEY;
const token = process.env.FEEDPRESS_TOKEN;In configuration files
bash
# .env file (add to .gitignore)
FEEDPRESS_API_KEY=507f1f77bcf86cd799439011
FEEDPRESS_TOKEN=67890abcdef12345In server-side applications
- Store API keys and tokens in environment variables
- Use secret management services (AWS Secrets Manager, HashiCorp Vault)
- Never expose credentials in client-side code
- Rotate keys and tokens periodically
- Use tokens for user-specific operations to limit exposure
What to do if credentials are compromised
If an API key is compromised:
- Delete the compromised key immediately from your FeedPress account
- Create a new key with a different name
- Update all applications that were using the old key
- Review API access logs (if available) for suspicious activity
- Audit your codebase to prevent future exposure
If a token is compromised:
- Delete the token immediately (click Delete next to the token)
- Generate a new token for that API key
- Update your application with the new token
- Review recent account activity for unauthorized access
API documentation
For complete API documentation, including:
- All available endpoints
- Request parameters
- Response formats
- Error codes
- Advanced features
Visit the official documentation:
Support
If you encounter issues with API keys or the FeedPress API:
- Check the documentation: Most common questions are answered in the API docs
- Contact support: Reach out through your FeedPress dashboard
- Community forums: Connect with other developers using the FeedPress API
API keys and tokens provide a powerful, flexible authentication system to extend FeedPress functionality and integrate it into your existing workflows and applications. With proper management and security practices, you can build robust integrations that enhance your podcasting or publishing experience while maintaining user-level control and security.