Authentication & Authorization Guide

Core Concepts: Types of Authorization

The Fluz API employs two primary authorization mechanisms:

  1. API Key Authorization:

    • Purpose: Secures endpoints related to the management and administrative aspects of your application. It identifies your application to Fluz.
    • How to Use: Include your API Key in the request header:
      Authorization: Basic <YOUR_API_KEY>
  2. User Access Token Authorization:

    • Purpose: Secures user-specific operations, such as purchasing gift cards or viewing transaction history. It ensures that actions are performed on behalf of an authenticated and authorized user.
    • How to Use: Include the User Access Token in the request header:
      Authorization: Bearer <YOUR_USER_ACCESS_TOKEN>

Getting Started: Authentication Flow

Follow these steps to authenticate your API requests:

Prerequisites

  1. Create an Application: In the Developers section of your Fluz dashboard, create an application.

Understanding Fluz Account Structure

The Fluz account structure has a few key identifiers:

  • Account ID (accountId): The overall entity representing the transacting party (either an individual or a business). This is what you retrieved in Step 2.
    • Business vs. Consumer Account Types: Accounts can be CONSUMER or BUSINESS. Different account types may have different spend limits.
      Note: Transactions made via the API contribute towards the overall account spend limits.

  • User ID (userId): Identifies the individual user. A user can be associated with one or more accountIds.
  • Seat ID (seatId): (Optional in generateUserAccessToken unless specifically required)
    • The seat is the entity within an account that earns rewards on each transaction and maintains a referral rewards network.
    • An account can have infinitely many seats.
    • If your application needs to specify which seat is performing a transaction (to affect a specific rewards network), you will use the seatId.

Step 3: Making Authenticated API Requests

Once you have the necessary credentials:

  • For Application Management Endpoints:
    Use your API Key.

    Authorization: Basic <YOUR_API_KEY>
  • For User-Specific Operations:
    Use the generated User Access Token.

    Authorization: Bearer <YOUR_USER_ACCESS_TOKEN>
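
The two header forms above, as an added example (not Fluz's own code) of a client-side helper that keeps the API Key and the User Access Token apart, attaches them only to HTTPS URLs, and redacts them before logging. The names Scope, Credentials and redact, and the api.example.invalid URL used to exercise it, are hypothetical; the API Key is passed through verbatim, as the header format on this page shows it.

```python
from enum import Enum
from urllib.parse import urlsplit


class Scope(Enum):
    MANAGEMENT = "Basic"   # application management endpoints -> API Key
    USER = "Bearer"        # user-specific operations -> User Access Token


class Credentials:
    """Holds both secrets; repr() never exposes them."""

    def __init__(self, api_key=None, user_access_token=None):
        self._secrets = {Scope.MANAGEMENT: api_key, Scope.USER: user_access_token}

    def __repr__(self):
        held = [s.name for s, v in self._secrets.items() if v]
        return f"Credentials(held={held})"

    def auth_headers(self, scope, url):
        """Return the Authorization header for `scope`, only for HTTPS URLs."""
        if urlsplit(url).scheme != "https":
            raise ValueError("refusing to attach credentials to a non-HTTPS URL")
        secret = self._secrets[scope]
        if not secret:
            raise PermissionError(f"no credential loaded for {scope.name} calls")
        if "\r" in secret or "\n" in secret:
            raise ValueError("credential contains CR/LF")  # header injection guard
        return {"Authorization": f"{scope.value} {secret}"}


def redact(headers):
    """Copy of headers safe for logs: keeps the scheme, hides the secret."""
    out = dict(headers)
    for name, value in headers.items():
        if name.lower() == "authorization":
            out[name] = value.split(" ", 1)[0] + " [REDACTED]"
    return out
```

Loading only the credential a given service needs means a component that handles user operations cannot send the application's API Key by mistake.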

