Authentication

To access the Fiskil API, all requests must be authenticated using a bearer token. This token is obtained by exchanging your API credentials (client_id and client_secret) via the /v1/token endpoint.

Generate API Credentials

First, log in to the Fiskil Console and navigate to Settings > API Keys.

From there, you can generate your client_id and client_secret. These values are sensitive and should be stored securely.

Note: You will not be able to view your client_secret again after creation.

Obtain an Access Token

Make a POST request to the /v1/token endpoint with your credentials:

Request

curl --request POST https://api.fiskil.com/v1/token \
  --header 'Content-Type: application/json' \
  --header 'Accept: application/json' \
  --data-raw '{
    "client_id": "your_client_id",
    "client_secret": "your_client_secret"
  }'

Response

{
  "access_token": "your_access_token",
  "token_type": "Bearer",
  "expires_in": 3600
}

Use the Access Token

Include the access_token in the Authorization header for all subsequent API requests:

curl --request GET https://api.fiskil.com/v1/end-users \
  --header "Authorization: Bearer your_access_token"

Token Expiry

Tokens are valid for one hour (expires_in: 3600). When your token expires, repeat the token request process to obtain a new one.

Fiskil does not support refresh tokens. Always handle token expiry on the server and regenerate securely when required.

Best Practices

  • Store your client_secret securely; do not expose it in frontend code or logs.
  • Only use server-side environments to request access tokens.
  • Use HTTPS for all requests to the Fiskil API.
  • Monitor for 401 responses and implement automatic token renewal on expiry.
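The expiry and 401 handling described above, as an added example (not Fiskil's own code): a server-side cache that reuses the token until shortly before expires_in elapses and retries once with a fresh token after a 401. The TokenCache class, the 60-second safety margin, the send callable and the FISKIL_CLIENT_ID / FISKIL_CLIENT_SECRET environment variable names are assumptions made for this example.

```python
import json, os, time, urllib.request

TOKEN_URL = "https://api.fiskil.com/v1/token"  # token endpoint from this page

def http_post_json(url, payload):
    """Default transport: POST JSON over HTTPS and return the parsed body."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(), method="POST",
        headers={"Content-Type": "application/json", "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Hypothetical helper: caches the bearer token and renews it on expiry."""
    def __init__(self, client_id, client_secret, post=http_post_json,
                 clock=time.monotonic, skew=60):
        self._id, self._secret = client_id, client_secret
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._deadline = None, 0.0

    def __repr__(self):  # keep the secret out of logs and tracebacks
        return f"TokenCache(client_id={self._id!r}, client_secret=<redacted>)"

    def token(self, force=False):
        """Return a cached token, requesting a new one if missing or expired."""
        if force or self._token is None or self._clock() >= self._deadline:
            body = self._post(TOKEN_URL, {"client_id": self._id,
                                          "client_secret": self._secret})
            self._token = body["access_token"]
            # Renew `skew` seconds early (assumed margin) to avoid mid-request expiry.
            self._deadline = self._clock() + max(body["expires_in"] - self._skew, 0)
        return self._token

    def call(self, send):
        """send(headers) -> (status, body). Retries exactly once after a 401."""
        status, body = send({"Authorization": f"Bearer {self.token()}"})
        if status == 401:  # token rejected: renew and retry, never loop
            status, body = send(
                {"Authorization": f"Bearer {self.token(force=True)}"})
        return status, body

def from_env(**kwargs):
    """Load credentials from the server environment (variable names assumed)."""
    return TokenCache(os.environ["FISKIL_CLIENT_ID"],
                      os.environ["FISKIL_CLIENT_SECRET"], **kwargs)
```

The single retry is deliberate: a second 401 after renewal points to revoked or wrong credentials and should surface as an error instead of generating repeated token requests.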

For more integration tips, see our Quickstart guide and Go Live Checklist.
