The Platform API uses OAuth 2.0 client credentials for authentication. This guide walks you through obtaining and using access tokens.

Prerequisites

You must have access to Product Portal in the Fiskil Console to generate API keys.

Generate API credentials

1. Navigate to API Keys

In the Fiskil Console, navigate to API Keys in the sidebar.

2. Select permissions

Generate credentials with the appropriate product management scopes:

Scope                        Description
api:provider.products.read   List and view products through internal API endpoints
api:provider.products.write  Create, update, and delete products

Public API endpoints are visible globally and do not require read permissions.

3. Store credentials securely

After generating, the Console displays a Client ID and Client Secret pair. Store these securely - you’ll need them to obtain access tokens.
The client secret is only shown once. Store it in a secure location such as a secrets manager.

Obtain an access token

Exchange your client credentials for a short-lived access token:
curl -X POST https://api.fiskil.com/v1/token \
  -H "Content-Type: application/json" \
  -d '{
    "client_id": "your_client_id",
    "client_secret": "your_client_secret"
  }'

Example response:
{
  "token": "eyJhbGc....",
  "expires_in": 900
}

Response fields

token (string, required)
The access token to use in the Authorization header for subsequent API requests.

expires_in (integer, required)
Token validity period in seconds. Default is 900 seconds (15 minutes).

Make authenticated requests

Include the access token in the Authorization header using the Bearer scheme:
curl -X GET https://api.fiskil.com/v1/data-provider/cdr/products \
  -H "Authorization: Bearer eyJhbGc...."
Tokens expire after 15 minutes. Implement token refresh logic in your application to obtain new tokens before expiry.

Error responses

Status Code            Description
401 Unauthorized       Invalid or expired credentials
403 Forbidden          Insufficient permissions for the requested scope
429 Too Many Requests  Rate limit exceeded

{
  "error": "invalid_client",
  "error_description": "The client credentials are invalid"
}
Solution: Verify your client ID and secret are correct and haven’t been revoked.

{
  "error": "insufficient_scope",
  "error_description": "The access token does not have the required scope"
}
Solution: Generate new API credentials with the required scopes.

Security best practices

  • Never expose credentials in client-side code or version control
  • Rotate secrets regularly and revoke unused credentials
  • Use environment variables or a secrets manager for credential storage
  • Implement token caching to reduce authentication requests
  • Monitor API usage through the Console for unusual activity
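
The token refresh logic and token caching recommended above can be combined in one small helper. The following Python sketch is an added example, not Fiskil's own code: it reads the credentials from environment variables, caches the token, and renews it shortly before expires_in elapses. The variable names FISKIL_CLIENT_ID and FISKIL_CLIENT_SECRET, the TokenCache class and the 60-second renewal margin are assumptions.

```python
import json
import os
import threading
import time
import urllib.request

TOKEN_URL = "https://api.fiskil.com/v1/token"  # token endpoint shown on this page


def fetch_token():
    """POST the client credentials and return the parsed JSON response."""
    # Assumed variable names; the page only says to use environment variables.
    body = json.dumps({
        "client_id": os.environ["FISKIL_CLIENT_ID"],
        "client_secret": os.environ["FISKIL_CLIENT_SECRET"],
    }).encode()
    req = urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Caches the access token and renews it before expires_in elapses."""

    def __init__(self, fetch=fetch_token, margin=60, clock=time.monotonic):
        self._fetch, self._margin, self._clock = fetch, margin, clock
        self._lock = threading.Lock()
        self._token = None
        self._renew_at = 0.0

    def get(self):
        with self._lock:  # only one thread refreshes at a time
            if self._token is None or self._clock() >= self._renew_at:
                data = self._fetch()
                # Keep a positive lifetime even if expires_in <= margin.
                lifetime = max(data["expires_in"] - self._margin, 1)
                self._token = data["token"]
                self._renew_at = self._clock() + lifetime
            return self._token

    def invalidate(self):
        """Drop the cached token, e.g. after a 401 on an API call."""
        with self._lock:
            self._token = None

    def auth_header(self):
        # Never log this value; it is a bearer credential.
        return {"Authorization": "Bearer " + self.get()}
```

Create one TokenCache per process and pass auth_header() to each request; call invalidate() and retry once if the API answers 401.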