Authentication & Authorization Guide

Accessing and interacting with the Fluz API requires proper authentication to secure your application and user data. This guide will walk you through the necessary steps, from obtaining your API Key to generating User Access Tokens for specific operations.

Core Concepts: Types of Authorization

The Fluz API employs two primary authorization mechanisms:

  1. API Key Authorization:

    • Purpose: Secures endpoints related to the management and administrative aspects of your application. It identifies your application to Fluz.
    • How to Use: Include your API Key in the request header:
      Authorization: Basic <YOUR_API_KEY>
  2. User Access Token Authorization:

    • Purpose: Secures user-specific operations, such as purchasing gift cards or viewing transaction history. It ensures that actions are performed on behalf of an authenticated and authorized user.
    • How to Use: Include the User Access Token in the request header:
      Authorization: Bearer <YOUR_USER_ACCESS_TOKEN>

Getting Started: Authentication Flow

Follow these steps to authenticate your API requests:

Prerequisites

  1. Create a Developer Account: You'll need a Fluz developer account.
  2. Create an Application: In the Apps and Integrations section of your Fluz dashboard, create an application.

Understanding Fluz Account Structure

The Fluz account structure has a few key identifiers:

  • Account ID (accountId): The overall entity representing the transacting party (either an individual or a business). This is what you retrieved in Step 2.
    • Business vs. Consumer Account Types: Accounts can be CONSUMER or BUSINESS. Different account types may have different spend limits.

    Note: Transactions made through the API count toward the account's overall spend limits.

  • User ID (userId): Identifies the individual user. A user can be associated with one or more accountIds.
  • Seat ID (seatId): (Optional in generateUserAccessToken unless specifically required)
    • The seat is the entity within an account that earns rewards on each transaction and maintains a referral rewards network.
    • An account can have infinitely many seats.
    • If your application needs to specify which seat is performing a transaction (to affect a specific rewards network), you will use the seatId.

Step 4: Making Authenticated API Requests

Once you have the necessary credentials:

  • For Application Management Endpoints:
    Use your API Key.

    Authorization: Basic <YOUR_API_KEY>
  • For User-Specific Operations:
    Use the generated User Access Token.

    Authorization: Bearer <YOUR_USER_ACCESS_TOKEN>
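
The following Python example is added here and is not part of Fluz's documentation or SDK: it builds the Authorization header for each of the two schemes above, refuses to fall back to the API Key when a user-specific operation has no User Access Token, and masks both credential types before a line is logged. The operation-kind names, function names and sample credentials are assumptions constructed for illustration.

```python
import re

# Hypothetical operation kinds: the guide distinguishes only application
# management endpoints (API Key) from user-specific operations (token).
MANAGEMENT, USER = "management", "user"
_SCHEME = {MANAGEMENT: "Basic", USER: "Bearer"}

# Printable ASCII without spaces: rejects CR/LF so a credential value
# can never smuggle an extra header into the request.
_SAFE = re.compile(r"[\x21-\x7e]+")
_AUTH_IN_LOG = re.compile(r"(?i)\b(authorization:\s*)(basic|bearer)\s+\S+")


class CredentialError(ValueError):
    """Raised when a request cannot be given the credential its kind requires."""


def auth_header(kind, api_key=None, user_token=None):
    """Return the Authorization header for one request of the given kind."""
    if kind not in _SCHEME:
        raise CredentialError(f"unknown operation kind: {kind!r}")
    # Each kind takes only its own credential; there is no fallback, so a
    # missing user token never results in the API Key being sent instead.
    secret = api_key if kind == MANAGEMENT else user_token
    if not secret:
        raise CredentialError(f"{kind} request is missing its credential")
    if not _SAFE.fullmatch(secret):
        raise CredentialError("credential contains whitespace or control characters")
    # Header format exactly as the guide gives it: "<scheme> <credential>".
    return {"Authorization": f"{_SCHEME[kind]} {secret}"}


def redact(line):
    """Mask Basic/Bearer credentials in a line before it reaches a log."""
    return _AUTH_IN_LOG.sub(lambda m: f"{m.group(1)}{m.group(2)} [REDACTED]", line)


if __name__ == "__main__":
    # Constructed sample credentials, not real keys or tokens.
    print(redact(f"-> {auth_header(MANAGEMENT, api_key='key_constructed_abc')}"))
    print(redact("-> Authorization: Bearer tok_constructed_123"))
    try:
        auth_header(USER, api_key="key_constructed_abc")
    except CredentialError as exc:
        print("refused:", exc)
```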
