Authorizations API

The Authorizations API provides access to your authorizations (API Tokens). Authorizations can be created via HTTP Basic authentication (POST) using your Fulcrum username and password. Other methods require authentication via an API token as either an HTTP request header or query string parameter.

The Authorizations API can be used to create client-side applications that do not expose your token in the source code. A username and password can be exchanged for a temporary, or non-expiring token for use with other API endpoints.


organization_idstringyesnoThe organization ID.
notestringyesnoToken use description.
user_idstringnonoThe user to authorize. If blank, the user associated with the authentication email will be used.
expires_attimestampnonoToken expiration timestamp.
timeoutnumbernonoThe number of seconds before the token expires.
token_last_8stringnonoThe last 8 characters of the token.
last_ip_addressstringnonoThe IP Address of the last token user.
last_user_agentstringnonoThe User Agent of the last token user.
last_used_attimestampnonoTimestamp when the token was last used.
created_attimestampnonoTimestamp when the token was created.
updated_attimestampnonoTimestamp when the token was updated.
idtimestampnonoAuthorization ID.


The following properties must be included in order to create/update an authorization object in our system. Any validation errors will return a 422 and an object with a list of validation errors.

Required Properties

organization_idstringThe organization ID."7a0c3378-b63a-4707-b459-df499698f23c"
notestringToken use description."Fulcrum Query Utility"


  • The POST method on the Authorizations API supports only HTTP Basic authentication while other methods require an API token as either an HTTP request header or query string parameter.

  • Adding a timeout to an authorization will set it to expire in that number of seconds from when is created.

  • Using an authorization with a set timeout will push back its expiration that number of seconds from when it is used, effectively allowing you to create an authorization with a short timeout that keeps working as long as you use it.

  • Omitting a timeout when creating an authorization (or setting it to null) will create an authorization that never expires.

  • Users with the can_manage_roles permission can explicity set the user_id property to create an authorization token on behalf of another organization member, but only if that user is not a member of any other Fulcrum organizations.

Sample Response

  "authorization": {
    "note": "Query API",
    "expires_at": null,
    "timeout": null,
    "token_last_8": "6711296a",
    "last_ip_address": null,
    "last_user_agent": "Fulcrum/3776 (iPhone; iOS 12.1.4; Scale/3.00)",
    "created_at": "2019-03-21T19:35:15Z",
    "updated_at": "2019-03-21T19:35:17Z",
    "id": "e35e6149-d544-4701-a5b6-378763d00978",
    "last_used_at": "2019-03-21T19:35:51Z",
    "user_id": "b4704135-ae67-43d9-9092-a1fdcd3fff97"