FiskilFiskilFiskil DocsFiskil Docs
Log InSign Up
GuidesAPI ReferenceChangelog

Mobile menu

HomeFiskilFiskil
Log InSign Up
Introduction

Getting Started

AuthenticationErrorsPagination

CORE RESOURCES

Linking Accounts

BANKING API

ENERGY API

IDENTITY

Authentication

Learn how to authenticate your API requests with Fiskil.

AI Actions

Fiskil uses client-based authentication to secure API access. To interact with our APIs, you'll need a client_id and client_secret. You can generate and manage these credentials directly from the Fiskil Developer Console.

Authentication Endpoint

POST https://api.fiskil.com/v1/token

Authenticating Your API Requests

All API requests must include your client_id and client_secret in the request body.

Important: All requests must be made over HTTPS. Any attempts to connect via HTTP will be automatically rejected to ensure your data remains secure.

Request Parameters

ParameterTypeRequiredDescription
client_idstringYesThe generated client_id associated with your Team's API key
client_secretstringYesThe generated client_secret associated with your Team's API key

Example Request

curl --request POST \
  --url https://api.fiskil.com/v1/token \
  --header 'accept: application/json; charset=UTF-8' \
  --header 'content-type: application/json; charset=UTF-8' \
  --data '{
    "client_id": "{client_id}",
    "client_secret": "{client_secret}"
  }'
const response = await fetch('https://api.fiskil.com/v1/token', {
  method: 'POST',
  headers: {
    'accept': 'application/json; charset=UTF-8',
    'content-type': 'application/json; charset=UTF-8'
  },
  body: JSON.stringify({
    client_id: '{client_id}',
    client_secret: '{client_secret}'
  })
});

const data = await response.json();
console.log(data.token);
import requests

response = requests.post(
    'https://api.fiskil.com/v1/token',
    headers={
        'accept': 'application/json; charset=UTF-8',
        'content-type': 'application/json; charset=UTF-8'
    },
    json={
        'client_id': '{client_id}',
        'client_secret': '{client_secret}'
    }
)

data = response.json()
print(data['token'])

Example Response

{
  "token": "yMWExMjJhLWEwZGQtNDVmYi1hMWY3LWMzODE4NmI3NmNyMWExMjJhLWEwZGQtNDVmYi1hMWY3LWMzODE4NmI3NmNjZCIsIlRva2VuVVVJRCI6ImUwMmUyMmFmLWUxMDMtNGU1OS1hNjViLWQyZGQwYWY5MGVhZSIsIktleUlEIjoiZmMwYjQyNGUtZWYxNC00MTA4LWIwMTQtZDRkOWI5ZjU4ZmVlIiwiZXhwIjoxNjIxMDgzNzg1LCJpYXQiOjE2MjEwODMxODVgd7QI7_O18P9gfCuEUnKjS0BJw4kb9ul_aFUPTWt0UcZTFwND_X4KcM7Es_eLSkKem7NM_63rhghzBofH7POsQ",
  "expires_in": 900
}

Using the Access Token

Once authenticated, include the token in the Authorization header for all subsequent API requests:

curl --request GET \
  --url https://api.fiskil.com/v1/end-users \
  --header 'Authorization: Bearer {access_token}' \
  --header 'accept: application/json; charset=UTF-8'

Keeping Your Credentials Secure

Your client_id and client_secret are the keys to your account, so treat them with care. Here are a few best practices to help keep them safe:

  • Never hardcode your credentials in your source code.
  • Avoid storing them in public or private version control systems (like GitHub, even in private repos).
  • Use environment variables or a secure secrets management system (like AWS Secrets Manager or HashiCorp Vault).
  • Rotate your client_secret regularly and immediately if you suspect any compromise.

If your credentials are exposed or compromised, revoke them immediately from the Developer Console and generate new ones.

Token Expiration

Access tokens expire after the time specified in expires_in (in seconds). When your token expires, you'll need to re-authenticate to obtain a new one.

Typical token lifetime is 900 seconds (15 minutes).

Was this page helpful?

Auth SessionBalance

On this page

Authentication EndpointAuthenticating Your API RequestsRequest ParametersExample RequestExample ResponseUsing the Access TokenKeeping Your Credentials SecureToken Expiration