How can I define an apiKey for all document models, e.g. Media?

koakh, 12 months ago

I'd like to set an apiKey globally for one model, e.g. define an apiKey for all documents of model Media.

Currently it seems I must set it manually for all documents of model Media, one by one... seems I'm missing something.

What is the point of creating an apiKey for each document one by one, and not globally for the whole collection/model?

From the docs: for each document

From there, a new interface will appear in the Admin panel for each document within the collection that allows you to generate an API key for each user in the Collection


Payload is awesome!

    12 months ago

    I think you are just misunderstanding API keys. Here's a quick overview (we'll update docs so this is more clear @seanzubrickas if you can make this happen that'd be great)

    Basically, in Payload, you can "authenticate" as a user. Users are just documents in a collection. And if you authenticate as a user, you'll have that user show up on the




    as you likely already know from working with the default Payload authentication strategy.

    But just like you can "authenticate" as a user with an email / password (this is considered as our default local auth strategy) you can also authenticate as a user with an API key.

    API keys are generated on a user-by-user basis, just like email / passwords -- they are meant to each represent a single


    . And if you generate an API key on a user, and add it as a header as described in our docs, then Payload will recognize the request being made as a request by the user associated with that API key.

    This is super helpful and lets you maintain granular access over your API keys - you might create a "user" that reflects an integration with a specific external service, and should be given a "role" or specific access needed only by that service / integration. Or you might create a "super admin" user and have an API key assigned to that user, so that any requests made with that API key are considered as being made by that super user.

    The beautiful part of our authentication strategies are that access control works across all strategies the same way. You can use your existing access control to work with API keys and with typical email / password auth.

    TL;DR I don't think you should have api keys enabled for media. instead, you should either have api keys enabled for your "users" collection, which will give the request all the same abilities as the user that the api key is tied to. OR, you could create a specific collection for API keys, where api keys are maintained separately from users altogether

  • koakh, 12 months ago

    what an awesome answer 🙂

    in the end I have been fooled by the docs,

    maybe here: "To enable API keys on a collection"

    IMHO if there is an example or said a "Auth Collection", sure I use


    from the start :), shit happens lol

    quote: To enable API keys on a collection, set the useAPIKey auth option to true. From there, a new interface will appear in the Admin panel for each document within the collection that allows you to generate an API key for each user in the Collection.

    I leave my snippets here, maybe they're useful for other "fools" like me ahahaha

    Users Collection with



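    import { CollectionConfig } from 'payload/types';

    const Users: CollectionConfig = {
      slug: 'users',
      auth: {
        // adds the API key interface to each user document in the Admin panel
        useAPIKey: true,
      },
      admin: {
        useAsTitle: 'email',
      },
      access: {
        // every request, authenticated or not, may read user documents
        read: () => true,
      },
      fields: [
        // Email added by default
        {
          name: 'name',
          type: 'text',
        },
      ],
    };

    export default Users;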

    simple fetch example

    import User from '../collections/User';
    import { CLIENT_API_KEY } from '$env/static/private';

    // Header format: "<auth collection slug> API-Key <key>"
    const response = await fetch("http://localhost:3000/api/media", {
      headers: {
        Authorization: `${User.slug} API-Key ${CLIENT_API_KEY}`,
      },
    });


    $ COLLECTION="users"
    $ API_KEY="ad9e5d05-ca46-4aa1-9435-6543fb5e793d"
    $ curl http://localhost:3000/api/media \
      -H "Accept: application/json" \
      -H "Authorization: ${COLLECTION} API-Key ${API_KEY}" \
      | jq

    and that's all folks

    thanks @jmikrut
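
Added example, not part of the thread and not Payload's own code: access functions for a Media collection that decide on the role of the user behind the request, so a request made with an API key gets exactly that user's rights, the same as an email / password login. The `role` field and its values are assumptions, and local types stand in for Payload's so the file runs on its own.

```typescript
// Local stand-ins for Payload's types (assumption: keeps the example stand-alone).
type Role = 'admin' | 'editor' | 'integration'; // hypothetical role values

interface AuthedUser {
  id: string;
  collection: string; // slug of the auth collection the user belongs to
  role: Role;         // hypothetical field added to the users collection
}

// Payload hands the authenticated user to access functions as req.user;
// it is missing when the request carries no valid credentials.
type AccessArgs = { req: { user?: AuthedUser | null } };
type Access = (args: AccessArgs) => boolean;

// Allow only users from the 'users' collection holding one of the given roles.
const hasRole = (...allowed: Role[]): Access => ({ req }) =>
  Boolean(
    req.user &&
      req.user.collection === 'users' &&
      allowed.indexOf(req.user.role) !== -1,
  );

// Would be used as the `access` block of the Media collection config.
// The integration user (the one holding the API key) can read and upload only.
const mediaAccess: Record<'read' | 'create' | 'update' | 'delete', Access> = {
  read: hasRole('admin', 'editor', 'integration'),
  create: hasRole('admin', 'editor', 'integration'),
  update: hasRole('admin', 'editor'),
  delete: hasRole('admin'),
};

// Constructed sample requests: one per way of reaching the API.
const viaApiKey: AccessArgs = {
  req: { user: { id: 'u1', collection: 'users', role: 'integration' } },
};
const viaPassword: AccessArgs = {
  req: { user: { id: 'u2', collection: 'users', role: 'admin' } },
};
const anonymous: AccessArgs = { req: {} };

// Lists the operations a request is allowed to perform on Media.
function summarize(args: AccessArgs): string {
  return (Object.keys(mediaAccess) as (keyof typeof mediaAccess)[])
    .filter((op) => mediaAccess[op](args))
    .join(',');
}

console.log(summarize(viaApiKey), '|', summarize(viaPassword), '|', summarize(anonymous));
```

Unlike `read: () => true` in the snippet above, every operation here is denied to requests that carry no valid credentials.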
