The Firm App API uses API Tokens to authenticate and authorize requests.
Each API Token consists of a
key and a
NOTE - be very careful to keep your secret token private!
API Tokens are managed within the control panel of your Firm App site. From the control panel you'll be able to:
- Add/remove tokens
- Add internal notes to describe how the token is being used
- Set expiration dates for any time in the future
- Enable/disable tokens as needed
- View "Last Used" dates for each token
- View the audit logs of token usage
- See who generated a token and when it was created / last updated
The API Token key and secret should be included in the request header as follows:
X-Api-Key: YOUR_API_KEY_HERE X-Api-Secret: YOUR_API_SECRET_HERE
Both token keys and secrets are case-sensitive, alpha-numeric strings (no symbols) which means neither will need any special encoding/decoding in any situation. The key and secret lengths are both subject to change in the future.
The Firm App API rate limits to a maximum of 100 requests per minute per customer. In other words, adding tokens does not increase the bandwidth for API calls.
If the rate limit is exceeded, the result will be a
error for at least one minute. Additional requests will continue
to increase the timeout period by one minute.
IP Address whitelisting may be setup per token or per customer. Please contact the Firm App support team and be sure to include the IPs you wish to whitelist.
Next up, learn about Fetching Data »