The Appfigures API makes use of HTTP Authentication for all requests. It is simple to implement, and secure when used over SSL.

HTTP authentication is built into most HTTP clients (with the exception of Objective C), so you won’t need to actually encode anything your application. If you’re curious about how it works keep reading.

HTTP Authentication is accomplished by adding an Authorization header to your request with the username and password separated by a colon and base64 encoded, preceded by the word “Basic” and separated by a space. That’s quite a mouthful, here’s an example.

This is what a request might look like for the user ‘Aladdin’ and password ‘open sesame’:

GET /v1.1/users/ HTTP/1.1
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

Identify your app with a User-Agent

When making requests to the Appfigures API it is recommended that you provide the name of the application making the request with the


header. The name can be any string of your choice.

Authentication Errors

The API will return the following errors when authenticating requests

No API Access – Locked Account

The API will return the following when an account is suspended because of a billing issue:


{ "status": 403, "message": "No API Access", "additional": "The authenticated account is locked due to an unpaid balance." }

In this case you may want to offer a direct link for the user to make a payment

API Access is disabled

The API will return the following for a user that has been suspended due to a violation of the API terms:


{ "status": 403, "message": "API Access is disabled", "additional": "API access has been disabled for this user due to API terms violation." }

To resolve a violation of terms issue contact us.