Authentication

The Fairo API uses API keys to authenticate requests. You can create both personal access tokens and organization-level API key-pairs.

API keys inherit almost all the permissions of their creator with the exception of any organization and profile settings (those can only be accessed and modified from the Fairo web application.) It is, therefore, important that you keep them secure. If someone obtains access to your API key, they can impersonate you in the system. As an added measure of security, it is recommended that you rotate your keys with regular frequency. Once API keys are created, they cannot be viewed again.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

The Fairo API uses basic authentication with the id and secret from the API keys you create in the organization settings page (for organization-wide use) or in your user profile (for personal use).


What’s Next