Authentication & Authorization Guide
Accessing and interacting with the Fluz API requires proper authentication to secure your application and user data. This guide will walk you through the necessary steps, from obtaining your API Key to generating User Access Tokens for specific operations.
Core Concepts: Types of Authorization
The Fluz API employs two primary authorization mechanisms:
- API Key Authorization:
  - Purpose: Secures endpoints related to the management and administrative aspects of your application. It identifies your application to Fluz.
  - How to Use: Include your API Key in the request header:
    Authorization: Basic <YOUR_API_KEY>
- User Access Token Authorization:
  - Purpose: Secures user-specific operations, such as purchasing gift cards or viewing transaction history. It ensures that actions are performed on behalf of an authenticated and authorized user.
  - How to Use: Include the User Access Token in the request header:
    Authorization: Bearer <YOUR_USER_ACCESS_TOKEN>
Getting Started: Authentication Flow
Follow these steps to authenticate your API requests:
Prerequisites
- Create a Developer Account: You'll need a Fluz developer account.
- Create an Application: In the Apps and Integrations section of your Fluz dashboard, create an application.
Understanding Fluz Account Structure
The Fluz account structure has a few key identifiers:
- Account ID (accountId): The overall entity representing the transacting party (either an individual or a business). This is what you retrieved in Step 2.
  - Business vs. Consumer Account Types: Accounts can be CONSUMER or BUSINESS. Different account types may have different spend limits. The transactions done via the API will contribute towards the overall account spend limits.
- User ID (userId): Identifies the individual user. A user can be associated with one or more accountIds.
- Seat ID (seatId): (Optional in generateUserAccessToken unless specifically required)
  - The seat is the entity within an account that earns rewards on each transaction and maintains a referral rewards network.
  - An account can have infinitely many seats.
  - If your application needs to specify which seat is performing a transaction (to affect a specific rewards network), you will use the seatId.
Step 1: Obtain Your API Key And User ID
Step 2: Identify the Target Fluz Account (accountId)
Step 3: Generate a User Access Token
Step 4: Making Authenticated API Requests
Once you have the necessary credentials:
- For Application Management Endpoints: Use your API Key.
  Authorization: Basic <YOUR_API_KEY>
- For User-Specific Operations: Use the generated User Access Token.
  Authorization: Bearer <YOUR_USER_ACCESS_TOKEN>
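The following is an added example, not code from Fluz or its SDKs: a small client-side guard that builds the two Authorization headers described above, rejects credentials that could inject extra headers, refuses non-HTTPS URLs, and redacts the secret before headers are logged. The URL, the FLUZ_API_KEY environment variable name and the sample credential values are placeholders constructed for illustration.

```python
import os
from urllib.parse import urlsplit
import re

# Assumption: credentials are a single header-safe token (base64 or JWT alphabet).
# Anything with spaces, CR/LF or control characters is rejected to prevent header injection.
_TOKEN_RE = re.compile(r"[A-Za-z0-9._~+/=-]+")

SCHEMES = {"app": "Basic", "user": "Bearer"}  # schemes as given in this guide


def auth_header(kind: str, credential: str) -> dict:
    """Build the header for 'app' (API Key) or 'user' (User Access Token)."""
    if kind not in SCHEMES:
        raise ValueError(f"unknown credential kind: {kind!r}")
    if not credential or not _TOKEN_RE.fullmatch(credential):
        raise ValueError("credential is empty or unsafe to place in a header")
    return {"Authorization": f"{SCHEMES[kind]} {credential}"}


def require_https(url: str) -> str:
    """Refuse to attach credentials to anything but an https:// URL."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("credentials may only be sent over https")
    return url


def redact(headers: dict) -> dict:
    """Copy of headers safe for logs: keeps the scheme, hides the secret."""
    out = dict(headers)
    for name, value in headers.items():
        if name.lower() == "authorization":
            out[name] = value.split(" ", 1)[0] + " [REDACTED]"
    return out


if __name__ == "__main__":
    # Constructed sample value; a real key comes from the environment, never source code.
    api_key = os.environ.get("FLUZ_API_KEY", "c2FtcGxlLWtleQ==")  # hypothetical variable name
    url = require_https("https://api.example.invalid/graphql")  # placeholder URL
    print(url, redact(auth_header("app", api_key)))
```
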