To authenticate requests, you must provide your API key or personal access token as a bearer token in the Authorization header.

"Authorization": "Bearer <API key>"

Generating an API key

API keys can be generated by navigating to FirstQuadrant -> Settings -> Apps and enabling “FirstQuadrant API”. You will see the API key once once after enabling the API, so please make sure to copy it and store it in a safe place.

API keys contain the prefix fqa_live_ and are in the format fqa_live_<alphanumeric>:int_<alphanumeric>.

Note that API keys are scoped to a team, so you will be unable to make requests to /users endpoints. If you would like to access both your user account and any teams you are associated with, use a personal access token.

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly-available places such as client-side code or commit them to your repository’s source code. We recommend using a secrets manager such as Doppler or Infisical to store your API keys.

Authorization errors

If you do not provide an API key or personal access token when making a request, you will receive a 401 Unauthorized response. If your API key does not have the necessary scopes to perform an action, you will receive a 403 Forbidden response.