Authentication
Obtaining and Using your API Key
Once you have created an application in the Apps and Integrations section of your Fluz dashboard, you will be able to get the API keys for that application.
To use the Fluz API, you must authenticate your requests using an API key. This key identifies your application and allows you to make secure requests to our endpoints.
When building an application with the Fluz API, securing your application and user interactions is critical. The Fluz API uses different types of authorization mechanisms to ensure that only authorized applications and users can access certain endpoints. Understanding how to manage API keys and tokens is a crucial step in integrating with the Fluz platform.
Your developer account will need Fluz certification before getting initial access to API keys
In order to help ensure your application is operating properly, we will help run some test certifications. This certification process will be done based off the scope of your application.
Types of Authorization
API Key Authorization
Purpose:
The API Key is used to secure endpoints related to the management of your application. It ensures that only your application can make specific administrative calls.
Where to Find:
You can find your API Key in the Developer Console on the Fluz platform. When you open the API Explorer, the API Key is automatically included in the header of your requests, making it easy to test and develop your application.
How to Use: Reference
When making requests to secured application management endpoints, include the API Key in the request header as follows:
Authorization: Basic \<API_KEY>
Replace \<API_KEY> with your actual API Key.User Access Token Authorization
Purpose:
The User Access Token secures user-specific operations. It is required when performing actions that involve user data or transactions, ensuring that only authenticated users can access their data or perform operations.
How to Generate:Reference
To generate a User Access Token, use the generateAccessToken mutation. This mutation authenticates a user and returns a token that can be used in subsequent API calls that require user-level authorization.
How to Use:
Include the User Access Token in the request header for any API call that requires user authentication:
Authorization: Bearer <TOKEN>
Replace <TOKEN> with the token generated from the generateAccessToken mutation.Further Exploration:
For more details on operations that require user authorization, explore the available endpoints in the API Explorer. The Explorer will automatically include the necessary tokens in your requests when you are authenticated.
Getting Started with Authorization
To begin integrating with the Fluz API:
- Create an App: Start by creating an application in the Developer Console.
- Retrieve Your API Key: Find your API Key in the Developer Console.
- Authenticate User Actions: Use the generateAccessToken mutation to obtain a User Access Token for securing user-specific operations.
- Start Making Requests: Use the appropriate authorization method (API Key or User Access Token) in your API requests to interact with the Fluz platform securely.
By properly managing your API Key and User Access Token, you can ensure that your application and its users are protected while interacting with the Fluz API.
Endpoints Overview
The Fluz API provides several endpoints to manage your account and transactions. Below is an overview of the available queries and mutations:
Queries
balance: Retrieve your current account balance.fundingSources: List all your funding sources.virtualCards: View details of your virtual cards.
Mutations
addFundingSource: Add a new funding source to your account.depositFunds: Deposit money into your account.buyGiftCard: Purchase a gift card.
Each endpoint has detailed documentation, including the query or mutation structure, parameters, and example requests and responses.
Updated about 2 months ago