Generate an API Token

The Finout API is secured using a secret key and client token, which can be managed from your Finout account. Generating an API token creates both a secret key and a client ID (token). These parameters are passed in the Authorization header when invoking any Finout API method.

API tokens vs. personal tokens

Finout supports two types of tokens for API authentication:

  • API token — Account-level credentials used for service-to-service integrations. Consists of a Client ID and a Secret Key passed in request headers.

  • Personal token — User-level credentials tied to your individual Finout user. Use personal tokens when you want API access scoped to your own user identity and permissions.

Only Admins can open the Admin Portal and generate API tokens.

Generate a personal token

  1. Select your profile from the user dropdown on the top left of any screen in Finout.

  2. Click Admin Portal.

  3. Select Personal Tokens.

  4. Click Generate Token.

  5. Enter a Description, select a Role, and choose a token expiration.

  6. Click Create. Your token is generated.

  7. Copy the Client ID and the Secret Key — these won't be accessible after you close this window.

  8. Add the Client ID and Secret Key in your request headers:

    • x-finout-client-id

    • x-finout-secret-key

Generate an API token

  1. Select your profile from the user dropdown on the top left of any screen in Finout.

  2. Click Admin Portal. The Profile window appears.

  3. Select API Tokens. The API Token screen appears.

  4. Click Generate Token. The Generate Token window appears.

  5. Enter a Description, choose a Role, choose token expiration, and click Create. Your token is generated.

  6. Copy the Client ID and the Secret Key, which won't be accessible later, and then click Done.

  7. Add the Client ID and Secret Key in Headers when invoking any of the Finout endpoints:

    • x-finout-client-id

    • x-finout-secret-key
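
The final step of both procedures above (personal token and API token) is the same, so here is one added example, not taken from Finout's documentation or code, of attaching the two headers without hardcoding the secret. The environment variable names and the URL are assumptions (the URL is a placeholder, not a real Finout endpoint), and the request is only built, never sent.

```python
import os
import urllib.request
from urllib.parse import urlsplit

# Header names are the ones listed on this page.
CLIENT_ID_HEADER = "x-finout-client-id"
SECRET_KEY_HEADER = "x-finout-secret-key"


def load_credentials(env=os.environ):
    """Read the token pair from the environment (variable names are assumptions)."""
    client_id = env.get("FINOUT_CLIENT_ID", "").strip()
    secret_key = env.get("FINOUT_SECRET_KEY", "").strip()
    if not client_id or not secret_key:
        raise RuntimeError("FINOUT_CLIENT_ID and FINOUT_SECRET_KEY must both be set")
    return client_id, secret_key


def build_request(url, client_id, secret_key, method="GET"):
    """Attach both headers; refuse any URL that would send the secret in cleartext."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("refusing to send credentials to a non-HTTPS URL")
    req = urllib.request.Request(url, method=method)
    req.add_header(CLIENT_ID_HEADER, client_id)
    req.add_header(SECRET_KEY_HEADER, secret_key)
    return req


def redacted_headers(req):
    """Header view that is safe to log: the secret key never appears."""
    safe = {}
    for name, value in req.header_items():
        if name.lower() == SECRET_KEY_HEADER:
            value = "***redacted***"
        safe[name.lower()] = value
    return safe


if __name__ == "__main__":
    # Constructed sample values and a placeholder URL; nothing is sent over the network.
    sample_env = {"FINOUT_CLIENT_ID": "example-client-id", "FINOUT_SECRET_KEY": "example-secret"}
    cid, key = load_credentials(sample_env)
    request = build_request("https://finout-api.example.invalid/placeholder", cid, key)
    print(request.get_method(), request.full_url, redacted_headers(request))
```

Because the Secret Key cannot be viewed again after creation, populate the environment variables from a secrets manager rather than a file checked into source control.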

FAQs

What happens to a user's personal tokens if they are removed from the account?

Personal tokens are tied to the individual user. When a user is removed from the account, their personal tokens are automatically deleted.

Does a personal token respect the user's role and data access permissions?

Yes. Personal tokens include the user's context — including their assigned roles and permissions within the account. Any API call made with a personal token is subject to the same access controls as the user who created it.

What is the difference between an API token and a personal token?

API tokens are account-level credentials, not tied to any specific user. Personal tokens are user-level credentials scoped to the individual who created them, and they carry that user's permissions. Use API tokens for service-to-service integrations; use personal tokens when the API call should reflect a specific user's identity and access.

Can I view a token secret after it's been created?

No. The secret key is only visible at the time of creation. Copy and store it securely before closing the window — it cannot be retrieved afterward.

Can a token expire?

Yes. You can set an expiration period when creating the token. Once expired, the token is no longer valid and a new one must be generated.
