FAQs
In this section you will find the frequently asked questions about our API.
Authentication
- Who can obtain the API KEY, and how?
The administrators are responsible for creating the API KEY in the UI. The steps:
Click on "Configuration" on the left sidebar > click on the API option > Create API KEY.
- Can I customize the API KEY information in Factorial?
No, the API KEY grants access to all information inside the platform and cannot be customized. The alternative is OAuth 2 to access customized data.
- Does the API KEY expire?
No, the API KEY won't expire.
- OAuth2: What happens when I get "null" information using OAuth 2 in certain properties?
This is because in your permission group (in the Factorial interface) you don't have access to this information. This permission has to be granted by the admin of the company from the UI.
- OAuth2: What should I take into consideration?
- The user needs to be created in the Factorial account
- The permissions for this user need to be set up in the platform
- OAuth 2: Steps to take to delegate the permission from admin to employee
Step 1: Callback URL Setup by IT
The IT team needs to provide the Callback URL (the URL where the authorization server will redirect after authentication) to the Admin.
Step 2: Admin Inserts Callback URL
The Admin will take the Callback URL provided by IT and paste it into the correct place in the Factorial platform or repository (depending on where you are configuring OAuth 2.0).
Step 3: Admin Retrieves Secret ID
After pasting the Callback URL, the Admin will generate or retrieve the Client Secret (Secret ID) from the platform.
Step 4: Admin Shares Secret ID with IT
The Admin must then provide the Secret ID to the IT team, so they can use it to complete the OAuth setup and make authenticated API calls.
Step 5: Refresh Token Script
Once the OAuth flow is set up, the IT team needs to create a script that uses the refresh token. This script should run every 50 minutes to automatically refresh the token and maintain continuous access to the API without needing the user to log in again.
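A sketch of the Step 5 refresh script, added here as an example and not taken from Factorial's own code. It uses the standard OAuth 2 refresh grant (RFC 6749, section 6); the token URL is a placeholder, and the environment variable names and token file are assumptions.

```python
import json, os, tempfile, time
import urllib.parse, urllib.request

# Placeholder, not a real endpoint: use the token URL from the OAuth 2 documentation.
TOKEN_URL = "https://auth.example.invalid/oauth/token"

def build_refresh_request(refresh_token, client_id, client_secret):
    """Form-encoded body of the RFC 6749 section 6 refresh grant."""
    return urllib.parse.urlencode({
        "grant_type": "refresh_token", "refresh_token": refresh_token,
        "client_id": client_id, "client_secret": client_secret}).encode()

def merge_tokens(old, response, now):
    """Validate the response; keep the old refresh token if none was reissued."""
    if "access_token" not in response:
        raise ValueError("refresh failed: %s" % response.get("error", "no access_token"))
    return {"access_token": response["access_token"],
            "refresh_token": response.get("refresh_token", old["refresh_token"]),
            "refreshed_at": now}

def save_tokens(path, tokens):
    """Atomic replace; mkstemp creates the file 0600, so only the owner can read it."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as fh:
        json.dump(tokens, fh)
    os.replace(tmp, path)

def http_post(url, body):
    """POST the form body and decode the JSON reply (HTTP errors raise)."""
    req = urllib.request.Request(url, data=body, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def refresh(path, post=http_post, now=None):
    """One refresh cycle; schedule this every 50 minutes (cron or a systemd timer)."""
    with open(path) as fh:
        old = json.load(fh)
    # The Client Secret is read from the environment (assumed names), never stored in the script.
    body = build_refresh_request(old["refresh_token"],
                                 os.environ["OAUTH_CLIENT_ID"],
                                 os.environ["OAUTH_CLIENT_SECRET"])
    new = merge_tokens(old, post(TOKEN_URL, body), time.time() if now is None else now)
    save_tokens(path, new)  # reached only after a valid response
    return new

if __name__ == "__main__":
    refresh(os.environ["OAUTH_TOKEN_FILE"])
```

A failed refresh raises before the token file is touched, so the previous tokens stay in place for the next scheduled run.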
Rate limit
- There is a limit of 200 requests per minute for POST requests on every /api/v2 endpoint
- There is a limit of 100 requests per minute for POST requests on every /api/v1 endpoint
What do we mean by "required" in certain properties?
"Required" here means that the property will always be present in the payload we send to the subscriber. This means: every webhook message will include the employee id, access, surname, etc.
Updated 4 months ago