Authenticating with the APIs

Authenticating with the APIs

The entrypoint to use for all requests is ​https://api.fliplet.com​. Alternatively, US clients can use ​https://us.api.fliplet.com​ to get faster execution and response when their data resides in the US region (same applied for Canadian customers wanting to use ​https://ca.api.fliplet.com​). If you’re unsure about this, please get in touch with us.

All requests must be made via ​SSL​ to the above HTTPS-only endpoint.

All our APIs uses ​RESTful​ web services which supports both JSON and url-encoded parameters as body of POST requests.

The request body size ​limit​ on all endpoints is set to 1​ GB​, which is then a hard limit for uploaded files.

All requests must contain the API authentication token in the request headers ​or​ as a GET parameter. Alternatively, it can also be sent as a cookie, although sending it in the headers is preferred for security.

Option 1) as a header

Auth-token: eu--abcdefg123456789

Alternatively, you can also send the token via the Authorization header, encoded as a base64:

Authorization: Bearer ZXUtLWFiY2RlZmcxMjM0NTY3ODk=

Option 2) as a GET parameter

?auth_token=eu--abcdefg123456789

Option 3) as a request cookie

Cookie: auth_token=eu--abcdefg123456789;

If the provided token has been revoked, an error message will be returned as follows:

{
  "error": "not authorised",
  "message":"The auth_token provided doesn't belong to any user."
}

How to create an authentication token

  1. Login to Fliplet Studio with your account
  2. Edit the app you want to have API access to
  3. Go to ‘App Settings’
  4. Go to ‘API tokens’ tab of app settings
  5. Create a new API token

Note: The token does not expire, but can be revoked at any time should you want to (e.g. when unauthorized access is found or your token has been compromised).

Some API endpoints may require you to use the app's production ID for extra added security, since API tokens don't have access to the working draft apps you see in Studio. You can grab the production app's ID by heading to the https://api.fliplet.com/v1/apps/ endpoint and verify the value for the productionAppId for the apps you have access to

Please note that you may need to set up appropriate Data Source security rules on the API token for the Data Sources you are reading or writing data to.

All done? Jump to the Data Sources documentation to start using our REST APIs!

Next »