Authentication & API Access
This page describes how authentication works when integrating with the Fyre API and what partners need to know before using it.
API access is managed centrally by Fyre and enabled progressively as the integration matures.
API access model
Fyre uses a simple API key–based authentication model.
Each partner is assigned a dedicated API key that is used to authenticate all API requests. The API key identifies the partner and determines which operations and datasets can be accessed.
Fyre is responsible for generating the API key, managing its validity and scope, and communicating it securely to the partner. Partners are not responsible for generating or rotating API keys themselves.
When API access is granted
API access may be enabled at different stages of the integration, depending on the agreed setup.
During the preparation phase, API access can be granted to allow delivery of the initial one-month transactional data sample for validation and alignment.
Once the preparation phase is completed and approved, API access can be expanded to support production data delivery and additional API capabilities as they become available.
Environment
At this time, Fyre operates a single API environment.
All API interactions, including preparation activities and production usage, take place within this environment. Access is controlled through API keys and scoped permissions rather than separate environments.
If additional environments are introduced in the future, this will be communicated and documented accordingly.
When API access is granted
API access may be enabled at different stages of the integration, depending on the agreed setup.
During the preparation phase, API access can be granted to allow delivery of the initial one-month transactional data sample.
Once the preparation phase is completed and approved, API access can be expanded to support production data delivery and additional API capabilities as they become available.
How to authenticate requests
All authenticated API requests must include the API key in the request headers.
The API key must be passed using the following header:
Requests without a valid API key, or with an invalid or expired key, will be rejected.
API key usage guidelines
The API key must be treated as a secret.
It should not be exposed in client-side code or public repositories and must only be used within the agreed integration scope. API keys must not be shared across unrelated systems or environments.
If an API key is compromised or suspected to be exposed, Fyre should be notified immediately so the key can be revoked and replaced.
Access scope over time
The same authentication mechanism is used throughout the lifecycle of the integration, but access scope may evolve.
During the preparation phase, API access may be limited to initial data delivery and integration activities.
Once production onboarding is completed, API access may be expanded to include historical data delivery, ongoing daily ingestion, and access to additional partner-facing features.
Any changes to access scope are coordinated directly with the partner.
Last updated