Authorizations API

The Authorizations API provides access to your authorizations (API Tokens). Authorizations can be created via HTTP Basic authentication (POST) using your Fulcrum username and password. Other methods require authentication via an API token as either an HTTP request header or query string parameter.

Only owners may use the Authorizations API with an API token. All other users must use basic authentication.

The Authorizations API can be used to create client-side applications that do not expose your token in the source code. A username and password can be exchanged for a temporary or non-expiring token for use with other API endpoints.

Properties

| Property | Type | Required | Readonly | Description |
|---|---|---|---|---|
| organization_id | string | yes | no | The organization ID. |
| note | string | yes | no | Token use description. |
| user_id | string | no | no | The user to authorize. If blank, the user associated with the authentication email will be used. Only owners may specify a user_id other than their own. |
| expires_at | timestamp | no | no | Token expiration timestamp. |
| timeout | number | no | no | The number of seconds before the token expires. The timeout is limited to 86400 seconds (24 hours). |
| token_last_8 | string | no | no | The last 8 characters of the token. |
| last_ip_address | string | no | no | The IP Address of the last token user. |
| last_user_agent | string | no | no | The User Agent of the last token user. |
| last_used_at | timestamp | no | no | Timestamp when the token was last used. |
| created_at | timestamp | no | no | Timestamp when the token was created. |
| updated_at | timestamp | no | no | Timestamp when the token was updated. |
| id | timestamp | no | no | Authorization ID. |

Validations

The following properties must be included in order to create/update an authorization object in our system. Any validation errors will return a 422 and an object with a list of validation errors.

Required Properties

| Property | Type | Description | Example |
|---|---|---|---|
| organization_id | string | The organization ID. | "7a0c3378-b63a-4707-b459-df499698f23c" |
| note | string | Token use description. | "Fulcrum Query Utility" |

Notes

  • The POST method on the Authorizations API supports only HTTP Basic authentication while other methods require an API token as either an HTTP request header or query string parameter.

  • Adding a timeout to an authorization will set it to expire in that number of seconds from when it is created. The timeout is limited to 86400 seconds (24 hours).

  • If you create an API token with an API token, the new API token timeout cannot exceed the timeout of the current token.

  • Users with the can_manage_roles permission can explicitly set the user_id property to create an authorization token on behalf of another organization member, but only if that user is not a member of any other Fulcrum organizations.

Sample Response

{
  "authorization": {
    "note": "Query API",
    "expires_at": null,
    "timeout": null,
    "token_last_8": "6711296a",
    "last_ip_address": null,
    "last_user_agent": "Fulcrum/3776 (iPhone; iOS 12.1.4; Scale/3.00)",
    "created_at": "2019-03-21T19:35:15Z",
    "updated_at": "2019-03-21T19:35:17Z",
    "id": "e35e6149-d544-4701-a5b6-378763d00978",
    "last_used_at": "2019-03-21T19:35:51Z",
    "user_id": "b4704135-ae67-43d9-9092-a1fdcd3fff97"
  }
}
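
The following Python is an added example, not Fulcrum's own code. It checks the validation rules above locally before building the Basic-auth POST, and audits authorization objects shaped like the sample response for non-expiring or stale tokens. Assumptions: the request body wraps its fields in "authorization" as the response does, a timeout must be positive, and "stale" means unused for 90 days; no endpoint URL is included because this page does not give one.

```python
import base64
import json
from datetime import datetime, timedelta, timezone

MAX_TIMEOUT = 86400  # seconds (24 hours), the limit this page states


def build_create_request(email, password, organization_id, note, timeout=None):
    """Build headers and JSON body for the Basic-auth POST, applying the
    page's validation rules locally before anything is sent."""
    errors = []
    if not organization_id:
        errors.append("organization_id is required")
    if not note:
        errors.append("note is required")
    # Lower bound of 1 second is an assumption; the page only gives the maximum.
    if timeout is not None and not 0 < timeout <= MAX_TIMEOUT:
        errors.append("timeout must be between 1 and 86400 seconds")
    if errors:
        raise ValueError("; ".join(errors))
    fields = {"organization_id": organization_id, "note": note}
    if timeout is not None:
        fields["timeout"] = timeout
    basic = base64.b64encode(f"{email}:{password}".encode()).decode()
    headers = {"Authorization": "Basic " + basic,
               "Content-Type": "application/json"}
    # Assumption: the request wraps fields in "authorization" like the response.
    return headers, json.dumps({"authorization": fields})


def audit(authorizations, now, stale_after_days=90):
    """Return {id: [findings]} for tokens that never expire or look unused."""
    findings = {}
    for auth in authorizations:
        issues = []
        if auth.get("expires_at") is None:
            issues.append("non-expiring")
        last = auth.get("last_used_at")
        if last is None:
            issues.append("never used")
        else:
            used = datetime.strptime(last, "%Y-%m-%dT%H:%M:%SZ")
            if now - used.replace(tzinfo=timezone.utc) > timedelta(days=stale_after_days):
                issues.append("stale")
        if issues:
            findings[auth["id"]] = issues
    return findings


# Constructed sample: the page's sample response object, trimmed.
SAMPLE = [{"id": "e35e6149-d544-4701-a5b6-378763d00978", "note": "Query API",
           "expires_at": None, "last_used_at": "2019-03-21T19:35:51Z"}]
```

Passing a timeout for client-side applications keeps the exchanged token short-lived, and running audit over the organization's authorizations surfaces the non-expiring ones for review.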