Authentication
Learn how to authenticate with the Fiskil API
To access the Fiskil API, all requests must be authenticated using a bearer token. This token is obtained by exchanging your API credentials (client_id and client_secret) via the /v1/token endpoint.
Generate API Credentials
First, log in to the Fiskil Console and navigate to Settings > API Keys.
From there, you can generate your client_id and client_secret. These values are sensitive and should be stored securely.
Note: You will not be able to view your
client_secretagain after creation.
Obtain an Access Token
Make a POST request to the /v1/token endpoint with your credentials:
Request
curl --request POST https://api.fiskil.com/v1/token \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--data-raw '{
"client_id": "your_client_id",
"client_secret": "your_client_secret"
}'Response
{
"token": "your_token",
"token_type": "Bearer",
"expires_in": 900
}Use the Access Token
Include the token in the Authorization header for all subsequent API requests:
curl --request GET https://api.fiskil.com/v1/end-users \
--header "Authorization: Bearer your_token"Token Expiry
Tokens are valid for 15 minutes (expires_in: 900). When your token expires, repeat the token request process to obtain a new one.
Fiskil does not support refresh tokens. Always handle token expiry on the server and regenerate securely when required.
Best Practices
- Store your
client_secretsecurely; do not expose it in frontend code or logs. - Only use server-side environments to request access tokens.
- Use HTTPS for all requests to the Fiskil API.
- Monitor for
401responses and implement automatic token renewal on expiry.
For more integration tips, see our Quickstart guide and Go Live Checklist.
Was this page helpful?