Quickstart for developers

PassFort automates the customer onboarding and monitoring process and brings the journey into a single portal.

You can integrate PassFort with your existing customer relationship management (CRM) systems, customer lifecycle management (CLM) systems, and data providers.

To get started with your integration:

  1. Get your API key.
  2. Run a test to make sure the key works.
To follow these steps, you need to have Read-only access for Master API key permission. To change your permissions, contact the administrator of your account.

Get your API keys

You have two API keys: One for your demo account and one for your live account.

When you make a call to PassFort, you should send one of these API keys in the header of your request. Send the API key for the account you're using at the time.

Use your demo account to try out features and test whether your configuration is working as expected. With your live account, any profiles you create count toward your profiles under management and you'll be charged for any checks you run.

To access your API keys, follow these steps once for your demo account and once for your live account:

  1. Log into the Portal with your demo login details or your live login details.
  2. Click the manage account icon and select API Key.
  3. Your API key(s) for the account you logged into are displayed. By default, there's a Master API key displayed under [Your company name] Master API Key.

    If you're integrating with multiple systems (e.g. a CRM and a transaction monitoring system), follow the steps below to issue one new API key for every system. You should do this for your demo account and your live account.

Issue and revoke API keys

If you have Read and write access for the Master API key permission, you can issue new API keys and revoke old API keys.

If you're concerned one of your Master API keys has been compromised, you should follow these steps to issue a replacement key for it and revoke the old key.
Issue a new API key
  1. Click Issue new master API key. The Issue Master API Key dialog is displayed.
  2. Enter a name for your API key into the API key name field. Choose a name that's at least six letters long.
To ensure your audit reports will be easy to read, avoid using any of the names of your users as the name of your API key.
  1. Click Issue new API key. The new key is generated and displayed at the top of the list of keys. You can begin using it in your integration immediately.
Revoke an API key
Before revoking an API key, you may want to ensure the key is not being used anywhere in your integration. Once you revoke the API key, any integration using it will stop working immediately, and it is not possible to re-issue an API key that has been revoked.
  1. Click the Delete icon next to the key.
  2. A confirmation dialog is displayed to let you know that this action cannot be undone.
  3. Click Yes, permanently revoke API key. The key is revoked and removed from your list of API keys.

Keeping your API keys a secret

The API key is how PassFort knows the request is coming from you - and not a malicious third party.

Your API keys are unique to your accounts, so when you get your API keys, you should keep them a secret.

If you need to access the PassFort API from an insecure location (e.g. the browser), contact our Support team and we’ll help find a solution.

Make a test API call

To check that you can use your API keys successfully, try making a call with each key to see if you get responses without errors.

In the header of each request you make, include a parameter called apikey that has the value of the key you want to test.

For example: "apikey": "adc5788e3b7fecc161d2a36916750ee10480a8c75841bd"

This example is not a real API key, so it's not possible to use it to make calls.

To run your test, make the call to the following endpoint once per key. The call returns the name of your API key and your institution.

Request endpoint:

GET https://api.passfort.com/4.0/whoami

Sample response:

"auditee_name": "Forexo Ltd Master API Key",
"institution": {
"id": "6bba3592-d9de-1ee5-8e97-ba8d8d13c558",
"logo_url": null,
"name": "Forexo Ltd"
"user": null

If you received a response with the API key name as the value for auditee_name, the test worked.

If you received an error message, check that you're sending a valid API key in the header of your request, and try again.

Start building your integration

Profiles are at the core of the PassFort API. They correspond to the individuals and companies applying for your products.

Profiles make product applications to see if they're qualified to use your products.

Each product application has its own lifecycle, so you should create your records at the application level.

Even if you only have one product that profiles can apply for, a data structure that has applications at the top future-proofs your system.

Get to know the product application lifecycle

Learn how applications work in the API and which webhooks you should listen to during the application process.

> Manage product applications

Try creating a profile

Want to dive right in? Follow these steps to create your first profile.

> Create profiles

See the developer guides to learn how to perform common actions.

Use the API reference to get a list of every call you can make, along with the required and optional fields you can send and receive.

Check out Configuring webhooks to get a list of the events you can listen to and instructions to set them up.

The other documentation on this site includes examples of requests. When making the requests, you should always send the apikey in the header with the value of your key.

How did we do?

Powered by HelpDocs (opens in a new tab)