Tutorials

Automate Everything: Using API Keys with 25cent.cloud

📅 March 3, 2026⏱️ 6 min read👤 By Joshua Goth

One of the most powerful features in 25cent.cloud v3.0 is API key authentication. Instead of logging into the dashboard every time you need to upload a file or create a tunnel, you can do it programmatically — from a script, a CI/CD pipeline, a cron job, or any tool that can make HTTP requests. This tutorial walks you through creating your first API key and using it in real-world automation scenarios.

Step 1: Create an API Key

Log into your 25cent.cloud dashboard and navigate to Settings → API Keys. Click "Create New Key" and give it a descriptive name — something like "CI/CD Uploads" or "Backup Script." The key will be displayed once and only once. Copy it immediately and store it securely. The key is bcrypt-hashed in our database, so we can't retrieve it for you later. If you lose it, you'll need to create a new one.

Your API key looks something like: `25c_ak_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6`. The `25c_ak_` prefix makes it easy to identify in your codebase (and easy for secret scanners to flag if you accidentally commit it).

Step 2: Use the X-API-Key Header

Every API request that requires authentication can use either a JWT token (from browser login) or an API key. To authenticate with an API key, include the `X-API-Key` header in your request. That's it — no OAuth flows, no token refreshing, no session management.

Practical Example: Bash Upload Script

The simplest automation is a bash script that uploads a file using `curl`:

```
#!/bin/bash

upload.sh — Upload a file to 25cent.cloud

API_KEY="${TWENTYFIVE_CENT_API_KEY}"
FILE_PATH="$1"

if [ -z "$FILE_PATH" ]; then
echo "Usage: ./upload.sh "
exit 1
fi

RESPONSE=$(curl -s -X POST \
-H "X-API-Key: ${API_KEY}" \
-F "file=@${FILE_PATH}" \
-F "expiry=24h" \
https://25cent.cloud/api/upload)

SHARE_URL=$(echo "$RESPONSE" | jq -r '.shareUrl')
echo "Uploaded! Share URL: ${SHARE_URL}"
```

Save this script, make it executable with `chmod +x upload.sh`, and set your API key as an environment variable: `export TWENTYFIVE_CENT_API_KEY="25c_ak_your_key_here"`. Now you can upload files from your terminal with `./upload.sh report.pdf`.

Python Upload Script

For more complex automation, Python's `requests` library provides a clean interface:

```
import os
import requests

API_KEY = os.environ["TWENTYFIVE_CENT_API_KEY"]
API_URL = "https://25cent.cloud/api/upload"

def upload_file(file_path, expiry="24h", password=None):
"""Upload a file to 25cent.cloud and return the share URL."""
headers = {"X-API-Key": API_KEY}
data = {"expiry": expiry}
if password:
data["password"] = password

with open(file_path, "rb") as f:
files = {"file": (os.path.basename(file_path), f)}
response = requests.post(API_URL, headers=headers,
data=data, files=files)

response.raise_for_status()
result = response.json()
return result["shareUrl"]

Upload a file with password protection

url = upload_file("quarterly-report.pdf", expiry="48h", password="SecurePass123") print(f"Share URL: {url}") ```

Node.js Upload Script

For JavaScript/TypeScript projects, you can use the built-in `fetch` API:

```
const fs = require('fs');
const path = require('path');

const API_KEY = process.env.TWENTYFIVE_CENT_API_KEY;
const API_URL = 'https://25cent.cloud/api/upload';

async function uploadFile(filePath, options = {}) {
const formData = new FormData();
const fileBuffer = fs.readFileSync(filePath);
const blob = new Blob([fileBuffer]);
formData.append('file', blob, path.basename(filePath));
formData.append('expiry', options.expiry || '24h');

if (options.password) {
formData.append('password', options.password);
}

const response = await fetch(API_URL, {
method: 'POST',
headers: { 'X-API-Key': API_KEY },
body: formData
});

const result = await response.json();
return result.shareUrl;
}

// Usage
uploadFile('./build/app.zip', { expiry: '72h' })
.then(url => console.log(`Uploaded: ${url}`))
.catch(err => console.error('Upload failed:', err));
```

GitHub Actions Workflow

Automate build artifact uploads in your CI/CD pipeline. Add your API key as a repository secret, then create a workflow:

```
name: Build and Upload
on:
push:
tags: ['v*']

jobs:
build-and-upload:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Build project
run: npm run build && zip -r build.zip dist/

- name: Upload to 25cent.cloud
run: |
RESPONSE=$(curl -s -X POST \
-H "X-API-Key: ${{ secrets.TWENTYFIVE_CENT_API_KEY }}" \
-F "[email protected]" \
-F "expiry=168h" \
https://25cent.cloud/api/upload)
echo "Download URL: $(echo $RESPONSE | jq -r '.shareUrl')"
```

Every tagged release automatically builds your project, zips the output, and uploads it to 25cent.cloud with a 7-day expiry. Share the download link in your release notes, Slack channel, or email.

Cron Job: Daily Database Backups

Set up a cron job that dumps your database and uploads the backup daily:

```

Add to crontab (crontab -e)

0 2 * /home/user/scripts/backup-and-upload.sh

backup-and-upload.sh

#!/bin/bash TIMESTAMP=$(date +%Y%m%d_%H%M%S) BACKUP_FILE="/tmp/db_backup_${TIMESTAMP}.sql.gz"

pg_dump mydb | gzip > "$BACKUP_FILE"

curl -s -X POST \
-H "X-API-Key: ${TWENTYFIVE_CENT_API_KEY}" \
-F "file=@${BACKUP_FILE}" \
-F "expiry=168h" \
-F "password=${BACKUP_PASSWORD}" \
https://25cent.cloud/api/upload

rm "$BACKUP_FILE"
```

This creates a compressed, password-protected database backup every night at 2 AM, uploads it to 25cent.cloud with a 7-day expiry, and cleans up the local file. Old backups auto-delete from 25cent.cloud — no manual cleanup needed.

Zapier/Make Integration

Both Zapier and Make (formerly Integromat) support custom webhook actions. You can create a Zap or Scenario that triggers when a file is added to Google Drive, Dropbox, or a Slack channel, and automatically uploads it to 25cent.cloud using the API. Set up a webhook action with the API URL, add the `X-API-Key` header, and map the file from the trigger step. No coding required.

Shell Alias for Quick Uploads

Add this to your `.bashrc` or `.zshrc` for instant uploads from any terminal:

```

Quick upload alias

alias upload='f() { curl -s -X POST -H "X-API-Key: ${TWENTYFIVE_CENT_API_KEY}" -F "file=@$1" -F "expiry=24h" https://25cent.cloud/api/upload | jq -r ".shareUrl" | tee /dev/tty | xclip -selection clipboard; }; f'
```

Now you can type `upload myfile.pdf` from anywhere and the share URL is printed to the terminal and copied to your clipboard automatically.

Security Best Practices

API keys are powerful — treat them like passwords. Follow these practices to keep your keys secure:

- Store keys in environment variables — never hardcode them in source files. Use .env files (added to .gitignore) for local development and secret managers for production.

- Rotate keys regularly — create a new key every 90 days and revoke the old one. This limits the blast radius if a key is compromised.

- Use separate keys for different projects — if one project's key is compromised, you can revoke it without affecting others.

- Revoke immediately if compromised — if a key appears in a commit, a log file, or a public paste, revoke it from the dashboard immediately and create a new one.

- Monitor key usage — check the API key activity log in your dashboard regularly for unexpected usage patterns.

API keys make 25cent.cloud a building block for your automation workflows. Whether you're uploading build artifacts, backing up databases, or integrating with third-party tools, a single HTTP request with your API key is all it takes.