Authentication Guide
Last updated

Authentication Guide

Let's walk through the authentication methods used by the Fluid API. Understanding and implementing these methods correctly ensures secure and authorized access to your company's data.

Authentication Method

Fluid utilizes token-based authentication for all company-related API endpoints. This token acts as a secure credential for your application.

Obtaining Your Company Token

  1. Access Admin Settings: Navigate to the Fluid Admin Settings page: https://www.fluid.app/settings/developer.
  2. Generate Company Token: Locate the Developer section and generate a new company token.

Important Note: Treat your company token with the utmost care. It grants access to your company's data within the Fluid API. Do not share it with unauthorized individuals and store it securely, preferably using environment variables or a dedicated configuration management tool.

Including the Token in Requests

Once you have your company token, include it in the Authorization header of every API request related to your company's data. The format for the header is:

Authorization: Bearer <your_company_token>

Example (curl):

curl -X GET https://api.fluid.app/v1/company/data \
  -H "Authorization: Bearer your_company_token"

Additional Considerations

  • Basic Authentication for Users: While this guide focuses on company token-based authentication, Fluid also supports basic authentication for specific user endpoints. Refer to the official Fluid API documentation for details on these endpoints and their authentication methods.
  • Security Best Practices: Always adhere to security best practices when interacting with the Fluid API. These include:
    • Protecting Your Token: Treat your company token as sensitive information.
    • Rate Limiting: Be mindful of Fluid's API rate limits to avoid throttling. Implement strategies to handle rate limits, like retry mechanisms with exponential backoff.
    • Error Handling: Properly handle errors and exceptions returned by the API for effective troubleshooting.
    • Input and Output Validation: Validate and sanitize all data sent to and received from the API to prevent security vulnerabilities.
  • Custom Authentication: In specific situations, Fluid may offer custom authentication mechanisms. Contact Fluid support for further information.

Troubleshooting

If you encounter issues with authentication, consider these steps:

  • Verify Token Validity: Ensure your company token is active and hasn't expired.
  • Check Headers: Double-check the Authorization header for proper formatting.
  • Network Configuration: Confirm your network configuration allows outbound requests to Fluid API endpoints.
  • API Documentation: Refer to the official Fluid API documentation for specific endpoint requirements and error codes.
  • Contact Support: If the problem persists, contact Fluid support for further assistance.
Previous page
Next page