Important: HTTP Basic Auth is no longer supported. Please switch to using OAuth 2.0 or Personal Access Tokens.
HTTP Authentication is no longer supported by Appfigures. We suggest switching to OAuth 2.0 or Personal Access Tokens. The documentation is preserved here for legacy implementations.
Important: If you want to allow other people to authenticate in your app this will not work! To access account data that is not from the same account as the one that issued your app key you must use OAuth 2.
The API supported Basic Auth mode using your account username and password as well as your client_key (that you got when you create an API client.
The preferred way to do this is in the X-Client-Key header. If you’re using a platform or client that doesn’t make it easy to add custom headers you can also send it in the client_key=KEY query string parameter.
Authentication Errors
The API can return the following errors when authenticating requests
Bad Credentials
// HTTP 401 Authorization Required
{
"status": 401,
"message": "Could not authenticate: rob@fobsdirect.com",
"additional": "",
"reference": ""
}
No API Access – Locked Account
The API will return the following when an account is suspended because of a billing issue:
// HTTP 403 FORBIDDEN
{
"status": 403,
"message": "No API Access",
"additional": "The authenticated account is locked due to an unpaid balance."
}
In this case you may want to offer a direct link for the user to make a payment https://appfigures.com/account/billing
API Access is disabled
The API will return the following for a user that has been suspended due to a violation of the API terms:
// HTTP 403 FORBIDDEN
{
"status": 403,
"message": "API Access is disabled",
"additional": "API access has been disabled for this user due to API terms violation."
}
No App Key given
// HTTP 400 Bad Request
{
"status": 400,
"message": "Must give an app key via X-Client-Key header or client_key query string parameter",
"additional": "",
"reference": ""
}
To resolve a violation of terms issue contact us.