Authenticate your API requests
To make sure that any API requests for your account are really coming from you, you'll be asked to authenticate all requests by providing an API key associated with your account.
Get your API keys
You have two API keys: One for your demo account and one for your live account.
When you make a call to PassFort, you should send one of these API keys in the header of your request. Send the API key for the account you're using at the time.
To access your API keys, follow these steps once for your demo account and once for your live account:
- Log into the Portal with your demo login details or your live login details.
- Click the Manage account icon and select API Key.
- Your API key(s) for the account you logged into are displayed. By default, there's a Master API key displayed under [Your company name] Master API Key.
Keeping your API keys a secret
The API key is how PassFort knows the request is coming from you - and not a malicious third party.
Your API keys are unique to your accounts, so when you get your API keys, you should keep them a secret.
If you need to access the PassFort API from an insecure location (e.g. the browser), contact our Support team and we’ll help find a solution.
Make a test API call
To check that you can use your API keys successfully, try making a call with each key to see if you get responses without errors.
In the header of each request you make, include a parameter called apikey that has the value of the key you want to test.
To run your test, make the call to the following endpoint once per key. The call returns the name of your API key and your institution.
"auditee_name": "Forexo Ltd Master API Key",
"name": "Forexo Ltd"
If you received a response with the API key name as the value for
auditee_name, the test worked.
If you received an error message, check that you're sending a valid API key in the header of your request, and try again.