The public API provides two methods of authentication: API keys and OAuth2. The following sections describe each one and its intended use.
API Keys are a single string of symbols that must be added as a custom header on the request. The header name must be x-api-key and the key must be the value without any prefixes.
API keys are used to identify systems, not the individual users who access them.
API keys have TOTAL ACCESS to everything and never expire. It's the creator's responsibility to generate them and store them securely.
The API Key should be passed in the request header as x-api-key:
curl --location --request GET 'Base URL' --header 'x-api-key: YOUR-API-KEY'
- Base URL: You can get these endpoints from our API Reference
API KEY Generation
An administrator should generate the KEY from the user interface (Factorial platform) following this guide
You can also manage KEYS via API, check Core > Keys section.
API Key management requires full admin permissions, because the resource itself allows full admin access to the entire platform on behalf of the company and not of a user. Operations performed with an API key are therefore not linked to any user in particular.
OAuth2 is used to identify individual users, not applications or platforms.
OAuth2 is available for authenticating to the public API and making requests via third parties on behalf of a user. All actions are authored on behalf of the user that creates the token. This means it is to be used mainly to submit actions the actual user is performing on an alternative interface.
In other words, the user needs to meet certain requirements to use OAuth 2:
- The user needs to be an employee inside the Factorial interface
- The user needs to be in a permission group with the corresponding access to Factorial information. For example, if the user shouldn't see contracts of other employees, their set of permissions should reflect this.
- Only admin users can access the OAuth 2 repository and change the configuration
Steps to set up your OAuth 2
Create a new OAuth application and follow the creation process.
Generate the OAuth 2 Authorization Code in order to generate an OAuth2 Token.
OAUTH2 TOKEN USAGE
The generated token is the credential for performing authenticated requests to Factorial. This token should be included in the Authorization header prefixed with the word Bearer and a separating space.
As an example, if your token is 12345 then the header content should be Bearer 12345.
MAINTAINING A PERSISTENT CONNECTION
To maintain a persistent connection, you should not let the token expire. You can avoid this by refreshing your token before the expiration date. This will give you another token with a new expiration date. Before that token expires you should refresh it again, and so on.
If you want to do this automatically, you should provide something in your code that will help you perform the update every time the token expires. Otherwise, you would have to do the update manually and make sure you refresh your token before the expiration date to maintain the connection.
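One way to automate the refresh described above, shown as an added example that is not Factorial's own code. It assumes a hypothetical refresh_fn callable, written by the integrator against the token endpoint in the API Reference, that returns the new access token, an optional new refresh token and the lifetime in seconds.

```python
import threading
import time


class BearerTokenManager:
    """Holds an OAuth2 token pair and refreshes it before the access token expires."""

    def __init__(self, refresh_fn, access_token, refresh_token, expires_at,
                 margin=60, clock=time.time):
        # refresh_fn is a hypothetical callable supplied by the integrator:
        # refresh_fn(refresh_token) -> (access_token, refresh_token_or_None, expires_in_seconds)
        self._refresh_fn = refresh_fn
        self._access = access_token
        self._refresh = refresh_token
        self._expires_at = expires_at      # absolute epoch seconds
        self._margin = margin              # refresh this many seconds early
        self._clock = clock
        self._lock = threading.Lock()      # one refresh at a time across threads

    def __repr__(self):
        # Keep both tokens out of logs and tracebacks.
        return f"<BearerTokenManager expires_at={self._expires_at:.0f} tokens=redacted>"

    def needs_refresh(self):
        return self._clock() >= self._expires_at - self._margin

    def auth_header(self):
        """Return the Authorization header, refreshing first if expiry is near."""
        with self._lock:
            if self.needs_refresh():
                self._do_refresh()
            return {"Authorization": f"Bearer {self._access}"}

    def _do_refresh(self):
        access, refresh, expires_in = self._refresh_fn(self._refresh)
        if not access or expires_in <= 0:
            # Fail closed: never send a request with a stale or empty token.
            raise RuntimeError("token refresh returned an unusable token")
        self._access = access
        # Some servers rotate the refresh token, others omit it; keep the old one if omitted.
        if refresh:
            self._refresh = refresh
        self._expires_at = self._clock() + expires_in
```

Call auth_header() for every request instead of caching the header, so the refresh happens inside the safety margin rather than after a request has already failed.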
If you need a Sandbox for development, contact your Account Manager, who will provide a Demo environment in Factorial for testing purposes.
More about Sandbox, here
- There is a limit of 200 requests per minute for POST requests on every /api/v2 endpoint
- There is a limit of 100 requests per minute for POST requests on every /api/v1 endpoint