
How Does Our API Authentication Work?

Our API uses OAuth for authentication via the client credentials flow, issuing bearer tokens that expire every 10 minutes for enhanced security and compliance.


How Our API Authentication Works

Clients access our API using OAuth, specifically the client credentials flow. By requesting bearer tokens, applications can securely interact with the API. You can share tokens without revealing the underlying credentials.


Why Do Bearer Tokens Expire?

Bearer tokens allow for secure transmission between systems or users without exposing sensitive login information. However, like API keys and passwords, tokens carry a degree of risk, such as leaks and theft, and attackers can exploit leaked tokens. To mitigate these risks, tokens expire every 10 minutes.


Managing Token Expiry

To prevent stale tokens from posing security risks, we enforce short token lifetimes. This reduces the chance of unauthorized access from dormant accounts and ensures compliance with GDPR and similar data protection regulations.


Managing Tokens for Business Applications

Given that our tokens expire every 10 minutes, it is important to develop strategies for token management, especially if you are using analytics tools like Excel, PowerBI, or Tableau. These platforms support API access but often require custom integration for APIs with expiring tokens.


Options for Managing Tokens

  1. Building a Custom Application
    Using OAuth and REST APIs, you can integrate Firefish data into custom applications like websites or mobile apps. This is ideal for bespoke solutions tailored to your workflow.
  2. Extending Your Analytics Tool
    Analytics platforms like PowerBI and Excel provide SDKs or scripting languages to build connectors for managing token access. This is a great option for teams with development expertise.
  3. Building a Data Warehouse Integration
    If your team has IT and analytics expertise, consider creating a data orchestration tool or application to import data into an intermediate source. This approach centralizes data management and ensures analysts do not need coding knowledge.

No matter the approach, consider the security requirements of your application. OAuth is a versatile authentication method that supports integration with multiple platforms, making it ideal for a wide range of solutions.
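For a custom application or a warehouse import job, the core of token management is a small in-memory cache that requests a new bearer token shortly before the 10-minute lifetime runs out. The sketch below is an added example, not our own client code. It assumes a placeholder token URL, credentials sent as form parameters, and a standard `access_token` / `token_type` / `expires_in` response; the names `fetch_token` and `TokenCache` are hypothetical.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://auth.example.invalid/oauth/token"  # placeholder, not the real endpoint


def fetch_token(client_id, client_secret, url=TOKEN_URL):
    """POST an RFC 6749 section 4.4 client-credentials request; return the parsed JSON."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,          # assumption: credentials go in the form body
        "client_secret": client_secret,  # load from a secret store, never from source
    }).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=body), timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Holds one bearer token in memory and renews it shortly before it expires."""

    def __init__(self, fetch, skew=60, clock=time.monotonic):
        self._fetch = fetch      # zero-argument callable returning the token response dict
        self._skew = skew        # renew this many seconds early to absorb latency
        self._clock = clock      # injectable so expiry logic can be tested offline
        self._token = None
        self._expires_at = 0.0

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at - self._skew:
            resp = self._fetch()
            if resp.get("token_type", "").lower() != "bearer":
                raise ValueError("unexpected token_type")
            self._token = resp["access_token"]
            # Fall back to the 10-minute lifetime stated above if expires_in is absent.
            self._expires_at = now + float(resp.get("expires_in", 600))
        return self._token

    def invalidate(self):
        """Call after a 401 response so the next get() requests a fresh token."""
        self._token = None

    def auth_header(self):
        return {"Authorization": "Bearer " + self.get()}
```

Construct it as `TokenCache(lambda: fetch_token(client_id, client_secret))` and attach `auth_header()` to each request; the token stays in memory and is never written to disk or logs.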