Authentication Guide

Let's walk through the authentication methods used by the Fluid API. Understanding and implementing these methods correctly ensures secure and authorized access to your company's data.

Authentication Methods

Fluid utilizes token-based authentication for all company-related API endpoints. We support two types of company authentication tokens:

Company Tokens

Company tokens provide full administrative access to your company's data and settings.

Partner Tokens

Partner tokens provide company-level API access and are ideal for third-party integrations and automated systems. Partner tokens can be managed programmatically and support expiration dates for enhanced security.

Obtaining Your Authentication Token

Company Token

  1. Access Admin Settings: Navigate to the Fluid Admin Settings page: https://www.fluid.app/settings/developer.
  2. Generate Company Token: Locate the Developer section and generate a new company token.

Partner Token

  1. Use the Partner Tokens API: Create partner tokens programmatically using the /api/v2025-06/partner_tokens endpoint.
  2. Set Label and Expiration: Provide a descriptive label and optional expiration date for better token management.

Important Note: Treat your authentication tokens with the utmost care. They grant access to your company's data within the Fluid API. Do not share them with unauthorized individuals and store them securely, preferably using environment variables or a dedicated configuration management tool.

Including the Token in Requests

Once you have your authentication token (either company or partner token), include it in the Authorization header of every API request related to your company's data. The format for the header is:

Authorization: Bearer <your_token>

Example (curl):

curl -X GET https://api.fluid.app/v1/company/data \
  -H "Authorization: Bearer your_company_token"

Additional Considerations

  • Basic Authentication for Users: While this guide focuses on company token-based authentication, Fluid also supports basic authentication for specific user endpoints. Refer to the official Fluid API documentation for details on these endpoints and their authentication methods.
  • Security Best Practices: Always adhere to security best practices when interacting with the Fluid API. These include:
    • Protecting Your Token: Treat your company and partner tokens as sensitive information.
    • Rate Limiting: Be mindful of Fluid's API rate limits to avoid throttling. Implement strategies to handle rate limits, like retry mechanisms with exponential backoff.
    • Error Handling: Properly handle errors and exceptions returned by the API for effective troubleshooting.
    • Input and Output Validation: Validate and sanitize all data sent to and received from the API to prevent security vulnerabilities.
  • Custom Authentication: In specific situations, Fluid may offer custom authentication mechanisms. Contact Fluid support for further information.
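
The following Python sketch ties together three points from this guide: reading the token from an environment variable, sending it in the Authorization header, and retrying rate-limited requests with exponential backoff. It is an added example, not code from Fluid. The variable name FLUID_API_TOKEN, the use of HTTP 429 as the rate-limit status, and the Retry-After header are assumptions; the URL is the one from the curl example above.

```python
import os
import random
import time
import urllib.error
import urllib.request

# Endpoint taken from the curl example in this guide.
API_URL = "https://api.fluid.app/v1/company/data"


def load_token(env=os.environ, var="FLUID_API_TOKEN"):
    """Read the token from the environment (variable name is an assumption)."""
    token = env.get(var, "").strip()
    if not token:
        raise RuntimeError(f"{var} is not set")
    # Reject embedded whitespace or control characters so the value cannot split the header.
    if any(c.isspace() or ord(c) < 0x20 for c in token):
        raise ValueError(f"{var} contains whitespace or control characters")
    return token


def build_request(token, url=API_URL):
    """Attach the token as 'Authorization: Bearer <token>'."""
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})


def fetch(req, send=urllib.request.urlopen, sleep=time.sleep, max_tries=5, base=1.0):
    """GET with exponential backoff on 429 (assumed status); other errors propagate."""
    for attempt in range(max_tries):
        try:
            with send(req) as resp:
                return resp.read()
        except urllib.error.HTTPError as err:
            if err.code != 429 or attempt == max_tries - 1:
                raise  # auth failures (401/403) must not be retried blindly
            # Prefer the server's Retry-After hint if present (assumption), else 1s, 2s, 4s, ...
            hinted = err.headers.get("Retry-After") if err.headers else None
            delay = float(hinted) if hinted and hinted.isdigit() else base * 2 ** attempt
            # Jitter keeps several clients from retrying in lockstep.
            sleep(delay + random.uniform(0, 0.25 * delay))
```

The send and sleep parameters exist so the retry logic can be exercised without network access; in normal use call fetch(build_request(load_token())).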

Troubleshooting

If you encounter issues with authentication, consider these steps:

  • Verify Token Validity: Ensure the token you are sending (company or partner) is active and hasn't expired.
  • Check Headers: Double-check the Authorization header for proper formatting.
  • Network Configuration: Confirm your network configuration allows outbound requests to Fluid API endpoints.
  • API Documentation: Refer to the official Fluid API documentation for specific endpoint requirements and error codes.
  • Contact Support: If the problem persists, contact Fluid support for further assistance.