These docs are for v1.0. Click to read the latest docs for v2025-01-01.

FAQs

In this section you will find the frequently asked questions about our API.

Authentication

  • Who can obtain the API KEY, and how?
    The administrators are responsible for creating the API KEY in the UI. The steps:
    Click on "Configuration" on the left sidebar > click on the API option > Create API KEY.
  • Can I customize the API KEY information in Factorial?
    No, the API KEY grants access to all information inside the platform and cannot be customized. To access a customized subset of data, use OAuth 2 instead.
  • Does the API KEY expire?
    No, the API KEY won't expire.
  • OAuth2: Why do I get "null" for certain properties when using OAuth 2?
    This happens because your permission group (in the Factorial interface) does not have access to this information. The company admin has to grant this permission from the UI.
  • OAuth2: What should I take into consideration?
    1. The user needs to be created in the Factorial account
    2. The user needs to have the permissions set up in the platform
  • OAuth 2: Steps to take to delegate the permission from admin to employee
    Step 1: Callback URL Setup by IT
    The IT team needs to provide the Callback URL (the URL where the authorization server will redirect after authentication) to the Admin.
    Step 2: Admin Inserts Callback URL
    The Admin will take the Callback URL provided by IT and paste it into the correct place in the Factorial platform or repository (depending on where you are configuring OAuth 2.0).
    Step 3: Admin Retrieves Secret ID
    After pasting the Callback URL, the Admin will generate or retrieve the Client Secret (Secret ID) from the platform.
    Step 4: Admin Shares Secret ID with IT
    The Admin must then provide the Secret ID to the IT team, so they can use it to complete the OAuth setup and make authenticated API calls.
    Step 5: Refresh Token Script
    Once the OAuth flow is set up, the IT team needs to create a script that uses the refresh token. This script should run every 50 minutes to automatically refresh the token and maintain continuous access to the API without needing the user to log in again.
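
A refresh job for Step 5, as an added example (not Factorial's own code): it sends the standard OAuth 2.0 `refresh_token` grant, keeps a rotated refresh token when the server returns one, and rewrites the token file atomically with owner-only permissions. The token URL, the environment variable names and the token-file layout are assumptions; take the real token endpoint from the API reference.

```python
import json, os, tempfile, time
import urllib.parse, urllib.request

# Placeholder endpoint (assumption): set OAUTH_TOKEN_URL to the real token URL.
TOKEN_URL = os.environ.get("OAUTH_TOKEN_URL", "https://auth.example.invalid/oauth/token")
REFRESH_EVERY = 50 * 60  # seconds, the 50-minute interval from Step 5

def http_post_form(url, fields):
    """POST form-encoded fields and return the parsed JSON reply."""
    data = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)

def load_tokens(path):
    with open(path) as f:
        return json.load(f)

def save_tokens(path, tokens):
    """Write via a temp file (mkstemp creates it 0600) and rename atomically."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w") as f:
            json.dump(tokens, f)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise

def refresh_once(path, client_id, client_secret, post=http_post_form, now=time.time):
    old = load_tokens(path)
    reply = post(TOKEN_URL, {
        "grant_type": "refresh_token",
        "refresh_token": old["refresh_token"],
        "client_id": client_id,
        "client_secret": client_secret,
    })
    if "access_token" not in reply:
        # Report only the error code; never log the secret or the tokens.
        raise RuntimeError("refresh failed: %s" % reply.get("error", "no access_token"))
    new = {"access_token": reply["access_token"],
           # The server may rotate the refresh token; otherwise keep the old one.
           "refresh_token": reply.get("refresh_token", old["refresh_token"]),
           "obtained_at": int(now())}
    save_tokens(path, new)
    return new

if __name__ == "__main__":
    while True:  # secrets come from the environment, not from the script
        refresh_once(os.environ["TOKEN_FILE"], os.environ["OAUTH_CLIENT_ID"],
                     os.environ["OAUTH_CLIENT_SECRET"])
        time.sleep(REFRESH_EVERY)
```

A failed refresh leaves the previous token file untouched, so the job can be retried or alerted on without losing the last valid refresh token.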

Rate limit

  • There is a limit of 200 requests per minute for POST requests on every /api/v2 endpoint
  • There is a limit of 100 requests per minute for POST requests on every /api/v1 endpoint

What do we mean by "required" in certain properties?

Required here means that the property will always be present in the payload we send to the subscriber. That is, every webhook message will include the employee id, access, surname, etc.