API ReferenceGuides
Introduction
Getting Started
Authentication
Changelog
Errors
Pagination

Core Resources

Institutions
Permissions
Linking Accounts
End User
Consents
Auth Session

Banking Api

Introduction
Accounts
Balance
Transactions
Products
Payee
Direct Debits
Scheduled Payments

Energy Api

Introduction
Accounts
Balances
DER
Invoices
Service Points
Usage
Billing
Concessions
Plans
Payment Schedule

Common api

Identity

Authentication

Fiskil uses client-based authentication to secure API access. To interact with our APIs, you'll need a client_id and client_secret. You can generate and manage these credentials directly from the Fiskil Developer Console.

Authentication

post/token

Authenticating Your API Requests

All API requests must include your client_id and client_secret in the request body. Here's a quick example of how to structure your request:

Important: All requests must be made over HTTPS. Any attempts to connect via HTTP will be automatically rejected to ensure your data remains secure.

Keeping Your Credentials Secure

Your client_id and client_secret are the keys to your account, so treat them with care. Here are a few best practices to help keep them safe:

  • Never hardcode your credentials in your source code.
  • Avoid storing them in public or private version control systems (like GitHub, even in private repos).
  • Use environment variables or a secure secrets management system (like AWS Secrets Manager or HashiCorp Vault).
  • Rotate your client_secret regularly and immediately if you suspect any compromise.

If your credentials are exposed or compromised, revoke them immediately from the Developer Console and generate new ones.

POST

/token

Authentication

Authenticate user on platform

Parameters

client_idstringrequired

The generated client_id associated with your Team’s API key

client_secretstringrequired

The generated client_secret associated with your Team’s API key

Request
POST/token
curl --request POST \
     --url https://api.fiskil.com/v1/token \
     --header 'accept: application/json; charset=UTF-8' \
     --header 'content-type: application/json; charset=UTF-8' \
     --data '
{
    "client_id": "{client_id}",
    "client_secret": "{client_secret}"
}
'
Response
{
    "token": "yMWExMjJhLWEwZGQtNDVmYi1hMWY3LWMzODE4NmI3NmNyMWExMjJhLWEwZGQtNDVmYi1hMWY3LWMzODE4NmI3NmNjZCIsIlRva2VuVVVJRCI6ImUwMmUyMmFmLWUxMDMtNGU1OS1hNjViLWQyZGQwYWY5MGVhZSIsIktleUlEIjoiZmMwYjQyNGUtZWYxNC00MTA4LWIwMTQtZDRkOWI5ZjU4ZmVlIiwiZXhwIjoxNjIxMDgzNzg1LCJpYXQiOjE2MjEwODMxODVgd7QI7_O18P9gfCuEUnKjS0BJw4kb9ul_aFUPTWt0UcZTFwND_X4KcM7Es_eLSkKem7NM_63rhghzBofH7POsQ",
    "expires_in": 600
}

Was this page helpful?