HomeGuidesAPI ReferenceChangelogDiscussions
Guides

FAQs

FAQs on general questions about our API

Authentication

  • Who, and how, can we obtain the API KEY?
    The administrators are responsible for creating the API KEY in the UI. The steps:
    Click on "Configuration" on the left sidebar > click on the API option > Create API KEY.
  • Can I customize the API KEY information in Factorial?
    No, the API KEY grants access to all information inside the platform and cannot be customized. The alternative is OAuth 2 to access customized data.
  • Does the API KEY expire?
    No, the API KEY won't expire.
  • OAuth2: What happens when I get "null" information using OAuth 2 in certain properties?
    This is because in your permission group (in the Factorial interface) you don't have access to this information. This permission has to be granted by the admin of the company from the UI.
  • OAuth2: What I should take into consideration?
    1. The user needs to be created in the Factorial account
    2. They need to have the permission set up for this user in the platform
  • OAuth 2 - user token: Steps to provide access to an employee/partner
    Step 1: Callback URL Setup by IT
    The IT team needs to provide the Callback URL (the URL where the authorization server will redirect after authentication) to the Admin. It's important that the URL can receive a GET from the server.
    Step 2: Admin Inserts Callback URL
    The Admin will take the Callback URL provided by IT and paste it into the correct place in the Factorial platform or repository.
    Step 3: Admin Retrieves Secret ID
    After pasting the Callback URL, the Admin will generate or retrieve the Client Secret (Secret ID) from the platform.
    Step 4: Admin Shares Secret ID with IT
    The Admin must then provide the Secret ID to the IT team, so they can use it to complete the OAuth setup and make authenticated API calls.
    Step 5: Refresh Token Script
    Once the OAuth flow is set up, the IT team needs to create a script that uses the refresh token. This script should run every 50 minutes to automatically refresh the token and maintain continuous access to the API without needing the user to log in again.

Rate limit

  • There is a limit of 200 requests per minute for POST requests on every /api/v2 endpoints
  • There is a limit of 100 request per minute for POST requests on every /api/v1 endpoints

What do we mean about required in certain properties?

Required here means that the payload we send to the subscriber will always be present. This means: every webhook message will include the employee ID, access, surname, etc.


Sandbox development

In case you need a Sandbox development, contact your Account Manager, who will provide a Demo environment in Factorial for testing purposes.
Learn more about Factorial environments