Coming Soon

Need to push / pull data that isn't listed yet? No problem! Contact our support team & we'll jump right on it.


The Firm App API uses API Tokens to authenticate and authorize requests. Each API Token consists of a key and a secret.

NOTE - be very careful to keep your secret token private!

Creating Tokens

API Tokens are managed within the control panel of your Firm App site. From the control panel you'll be able to:

  • Add/remove tokens
  • Add internal notes to describe how the token is being used
  • Set expiration dates for any time in the future
  • Enable/disable tokens as needed
  • View "Last Used" dates for each token
  • View the audit logs of token usage
  • See who generated a token and when it was created / last updated

Using Tokens

The API Token key and secret should be included in the request header as follows:


Token Formats

Both token keys and secrets are case-sensitive, alpha-numeric strings (no symbols) which means neither will need any special encoding/decoding in any situation. The key and secret lengths are both subject to change in the future.

Rate Limiting

The Firm App API rate limits to a maximum of 100 requests per minute per customer. In other words, adding tokens does not increase the bandwidth for API calls.

If the rate limit is exceeded, the result will be a too_many_requests error for at least one minute. Additional requests will continue to increase the timeout period by one minute.

IP Restrictions

IP Address whitelisting may be setup per token or per customer. Please contact the Firm App support team and be sure to include the IPs you wish to whitelist.

Next up, learn about Fetching Data »