Authentication

There are two primary ways to authenticate with the Appfigures API. You can choose which one you would like to use based on the kind of app you are using.

  • Personal Access Tokens: (recommended) this is the simplest way to authenticate with the Appfigures API. If you are using the API to access data within your account only, we advise you to use this method. You’ll generate a token inside of your Appfigures account and then pass it along with every request to the API. For instance, if you are using the API to pull data into an ETL or other internal dashboard, we suggest using Personal Access Tokens.

  • OAuth 2.0: OAuth 2.0 is a widely used standard but can be tricky to implement correctly. If you are making a client or package that will be distributed to other Appfigures users, you must use this method. For instance, if you are making a mobile app that lets people log in to their Appfigures accounts and see their own data, you must use OAuth 2.0.

Setting up an API Client

Every request to the API is associated with an API Client. You can create one in the Developer Keys section of your Appfigures account.

Identify your app with a User-Agent

When making requests to the Appfigures API, it is recommended that you provide the name of the application making the request in the User-Agent header. The name can be any string of your choice.

Authentication Errors

The API will return the following errors when authenticating requests:

No API Access – Locked Account

The API will return the following when an account is suspended because of a billing issue:

// HTTP 403 FORBIDDEN

{ 
    "status": 403, 
    "message": "No API Access", 
    "additional": "The authenticated account is locked due to an unpaid balance." 
}

In this case, you may want to offer the user a direct link to make a payment: https://appfigures.com/account/billing

API Access is disabled

The API will return the following for a user that has been suspended due to a violation of the API terms:

// HTTP 403 FORBIDDEN

{ 
    "status": 403, 
    "message": "API Access is disabled", 
    "additional": "API access has been disabled for this user due to API terms violation." 
}

To resolve a terms violation, contact us.
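
One way a client could tell the two 403 responses above apart and avoid retrying with the same credentials. This is an added example, not Appfigures' own code; the names `AuthFailure` and `classify_auth_error` are hypothetical, and matching on the `message` field is an assumption based on the two response bodies shown on this page.

```python
import json
from dataclasses import dataclass

BILLING_URL = "https://appfigures.com/account/billing"  # link given on this page

# Response bodies copied from the two 403 examples on this page.
LOCKED_BODY = ('{"status": 403, "message": "No API Access", "additional": '
               '"The authenticated account is locked due to an unpaid balance."}')
DISABLED_BODY = ('{"status": 403, "message": "API Access is disabled", "additional": '
                 '"API access has been disabled for this user due to API terms violation."}')


@dataclass(frozen=True)
class AuthFailure:
    kind: str         # "locked_account", "api_disabled" or "unknown_403"
    retryable: bool   # always False here: the same token will fail again
    user_action: str  # what to tell the user or operator
    detail: str       # the "additional" text from the API, if any


def classify_auth_error(http_status, body):
    """Return an AuthFailure for a 403 response, or None for any other status."""
    if http_status != 403:
        return None
    try:
        payload = json.loads(body)
    except (ValueError, TypeError):
        payload = {}  # proxy error page, empty body, etc.
    if not isinstance(payload, dict):
        payload = {}
    message = str(payload.get("message", "")).strip().lower()
    detail = str(payload.get("additional", ""))
    if message == "no api access":
        return AuthFailure("locked_account", False,
                           f"Pay the outstanding balance at {BILLING_URL}", detail)
    if message == "api access is disabled":
        return AuthFailure("api_disabled", False,
                           "Contact Appfigures about the API terms violation", detail)
    # Unrecognised 403: do not guess and do not retry in a loop.
    return AuthFailure("unknown_403", False,
                       "Stop and show the raw response to an operator", detail)


if __name__ == "__main__":
    for sample in (LOCKED_BODY, DISABLED_BODY, "<html>Forbidden</html>"):
        print(classify_auth_error(403, sample))
```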