Authentication
Using API key based authentication with the FirstQuadrant API
To authenticate requests, you must provide your API key or personal access token as a bearer token in the Authorization
header.
"Authorization": "Bearer <API key>"
Generating an API key
API keys can be generated by navigating to FirstQuadrant -> Settings -> Apps and enabling “FirstQuadrant API”. You will see the API key once once after enabling the API, so please make sure to copy it and store it in a safe place.
API keys contain the prefix fqa_live_
and are in the format fqa_live_<alphanumeric>:int_<alphanumeric>
.
Note that API keys are scoped to a team, so you will be unable to make requests to /users
endpoints. If you would like to access both your user account and any teams you are associated with, use a personal access token.
Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly-available places such as client-side code or commit them to your repository’s source code. We recommend using a secrets manager such as Doppler or Infisical to store your API keys.
Authorization errors
If you do not provide an API key or personal access token when making a request, you will receive a 401 Unauthorized response. If your API key does not have the necessary scopes to perform an action, you will receive a 403 Forbidden response.