Authentication
You'll need to authenticate your requests to access most of the endpoints in the Felloh API.
Requests to our API need to be authorised using a JWT token, JWT is an open standard designed to allow powerful server-to-server authentication.
Authenticating your requests
You can generate a public and private key from the felloh dashboard and can generate further keys via the API or dashboard (if your initial token has permission to do so).
Felloh uses public & private keys to generate a JWT bearer token to allow you to access our API's.
Once you have generated a public and private key using our dashboard, you can generate a Bearer token to make requests against our API.
Authentication Request
POST
https://api.felloh.com/token<div class="syntax-highlighter"><pre style="color:#d4d4d4;font-size:13px;text-shadow:none;font-family:Menlo, Monaco, Consolas, "Andale Mono", "Ubuntu Mono", "Courier New", monospace;direction:ltr;text-align:left;white-space:pre;word-spacing:normal;word-break:normal;line-height:1.5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-hyphens:none;-moz-hyphens:none;-ms-hyphens:none;hyphens:none;padding:1em;margin:.5em 0;overflow:auto;background:#1b0f27"><code class="language-js" style="white-space:pre;color:#d4d4d4;font-size:13px;text-shadow:none;font-family:Menlo, Monaco, Consolas, "Andale Mono", "Ubuntu Mono", "Courier New", monospace;direction:ltr;text-align:left;word-spacing:normal;word-break:normal;line-height:1.5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-hyphens:none;-moz-hyphens:none;-ms-hyphens:none;hyphens:none"><span class="token" style="color:#c586c0">import</span><span> </span><span class="token">axios</span><span> </span><span class="token" style="color:#c586c0">from</span><span> </span><span class="token" style="color:#ce9178">'axios'</span><span class="token" style="color:#d4d4d4">;</span><span> </span> <span></span><span class="token" style="color:#569CD6">const</span><span> </span><span class="token function-variable" style="color:#c0a9e5">getToken</span><span> </span><span class="token" style="color:#d4d4d4">=</span><span> </span><span class="token" style="color:#569CD6">async</span><span> </span><span class="token" style="color:#d4d4d4">(</span><span class="token" style="color:#d4d4d4">)</span><span> </span><span class="token" style="color:#569CD6">=></span><span> </span><span class="token" style="color:#d4d4d4">{</span><span> </span><span> </span><span class="token" style="color:#569CD6">const</span><span> response </span><span class="token" style="color:#d4d4d4">=</span><span> </span><span class="token" style="color:#c586c0">await</span><span> </span><span class="token" style="color:#c0a9e5">axios</span><span class="token" style="color:#d4d4d4">(</span><span class="token" style="color:#d4d4d4">{</span><span> </span><span> </span><span class="token literal-property" style="color:#9cdcfe">method</span><span class="token" style="color:#d4d4d4">:</span><span> </span><span class="token" style="color:#ce9178">'post'</span><span class="token" style="color:#d4d4d4">,</span><span> </span><span> </span><span class="token literal-property" style="color:#9cdcfe">url</span><span class="token" style="color:#d4d4d4">:</span><span> </span><span class="token" style="color:#ce9178">'https://api.felloh.com/token'</span><span class="token" style="color:#d4d4d4">,</span><span> </span><span> </span><span class="token literal-property" style="color:#9cdcfe">headers</span><span class="token" style="color:#d4d4d4">:</span><span> </span><span class="token" style="color:#d4d4d4">{</span><span> </span><span> </span><span class="token string-property" style="color:#9cdcfe">'Content-Type'</span><span class="token" style="color:#d4d4d4">:</span><span> </span><span class="token" style="color:#ce9178">'application/json'</span><span> </span><span> </span><span class="token" style="color:#d4d4d4">}</span><span class="token" style="color:#d4d4d4">,</span><span> </span><span> </span><span class="token literal-property" style="color:#9cdcfe">data</span><span class="token" style="color:#d4d4d4">:</span><span> </span><span class="token known-class-name" style="color:#4ec9b0">JSON</span><span class="token" style="color:#d4d4d4">.</span><span class="token method property-access" style="color:#c0a9e5">stringify</span><span class="token" style="color:#d4d4d4">(</span><span class="token" style="color:#d4d4d4">{</span><span> </span><span> </span><span class="token string-property" style="color:#9cdcfe">"public_key"</span><span class="token" style="color:#d4d4d4">:</span><span> process</span><span class="token" style="color:#d4d4d4">.</span><span class="token property-access">env</span><span class="token" style="color:#d4d4d4">.</span><span class="token" style="color:#9cdcfe">PUBLIC_KEY</span><span class="token" style="color:#d4d4d4">,</span><span> </span><span> </span><span class="token string-property" style="color:#9cdcfe">"private_key"</span><span class="token" style="color:#d4d4d4">:</span><span> process</span><span class="token" style="color:#d4d4d4">.</span><span class="token property-access">env</span><span class="token" style="color:#d4d4d4">.</span><span class="token" style="color:#9cdcfe">PRIVATE_KEY</span><span class="token" style="color:#d4d4d4">,</span><span> </span><span> </span><span class="token" style="color:#d4d4d4">}</span><span class="token" style="color:#d4d4d4">,</span><span> </span><span> </span><span class="token" style="color:#d4d4d4">)</span><span class="token" style="color:#d4d4d4">,</span><span> </span><span> </span><span class="token" style="color:#d4d4d4">}</span><span class="token" style="color:#d4d4d4">)</span><span class="token" style="color:#d4d4d4">;</span><span> </span> <span> </span><span class="token" style="color:#c586c0">return</span><span> response</span><span class="token" style="color:#d4d4d4">.</span><span class="token property-access">data</span><span class="token" style="color:#d4d4d4">;</span><span> </span><span></span><span class="token" style="color:#d4d4d4">}</span><span class="token" style="color:#d4d4d4">;</span><span> </span></code></pre></div>
<div class="syntax-highlighter"><pre style="color:#d4d4d4;font-size:13px;text-shadow:none;font-family:Menlo, Monaco, Consolas, "Andale Mono", "Ubuntu Mono", "Courier New", monospace;direction:ltr;text-align:left;white-space:pre;word-spacing:normal;word-break:normal;line-height:1.5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-hyphens:none;-moz-hyphens:none;-ms-hyphens:none;hyphens:none;padding:1em;margin:.5em 0;overflow:auto;background:#1b0f27"><code class="language-json" style="white-space:pre;color:#d4d4d4;font-size:13px;text-shadow:none;font-family:Menlo, Monaco, Consolas, "Andale Mono", "Ubuntu Mono", "Courier New", monospace;direction:ltr;text-align:left;word-spacing:normal;word-break:normal;line-height:1.5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-hyphens:none;-moz-hyphens:none;-ms-hyphens:none;hyphens:none"><span class="token" style="color:#d4d4d4">{</span><span>
</span><span> </span><span class="token" style="color:#9cdcfe">"data"</span><span class="token" style="color:#d4d4d4">:</span><span> </span><span class="token" style="color:#d4d4d4">{</span><span>
</span><span> </span><span class="token" style="color:#9cdcfe">"expiry_time"</span><span class="token" style="color:#d4d4d4">:</span><span> </span><span class="token" style="color:#b5cea8">1657485864</span><span class="token" style="color:#d4d4d4">,</span><span>
</span><span> </span><span class="token" style="color:#9cdcfe">"type"</span><span class="token" style="color:#d4d4d4">:</span><span> </span><span class="token" style="color:#ce9178">"BEARER"</span><span class="token" style="color:#d4d4d4">,</span><span>
</span><span> </span><span class="token" style="color:#9cdcfe">"token"</span><span class="token" style="color:#d4d4d4">:</span><span> </span><span class="token" style="color:#ce9178">"vXdvRb0DIw9DSnC4NCeCWmjmI5dJmeMrl0Esg2HG6EeaHZmcaYtymifw7YVCySCAuAEpruJx8fZBAX0FYmhfOc5WSzp9uDRQ3xdC06JTIDLVVmngvfFRkxCsPaV4oqmYCZcwe6oldLhWZnHE2EPUbc7OG3W3klyGQg8u00UmwqXeLIgA8CryoNGgA3Y3mitxKV7Y2uhlmPySP0BQ1K64ml8bJMLoLbQj3PMpt1eKwJdlETCTRjW"</span><span>
</span><span> </span><span class="token" style="color:#d4d4d4">}</span><span class="token" style="color:#d4d4d4">,</span><span>
</span><span> </span><span class="token" style="color:#9cdcfe">"errors"</span><span class="token" style="color:#d4d4d4">:</span><span> </span><span class="token" style="color:#d4d4d4">[</span><span class="token" style="color:#d4d4d4">]</span><span class="token" style="color:#d4d4d4">,</span><span>
</span><span> </span><span class="token" style="color:#9cdcfe">"meta"</span><span class="token" style="color:#d4d4d4">:</span><span> </span><span class="token" style="color:#d4d4d4">{</span><span>
</span><span> </span><span class="token" style="color:#9cdcfe">"code"</span><span class="token" style="color:#d4d4d4">:</span><span> </span><span class="token" style="color:#b5cea8">200</span><span class="token" style="color:#d4d4d4">,</span><span>
</span><span> </span><span class="token" style="color:#9cdcfe">"reason"</span><span class="token" style="color:#d4d4d4">:</span><span> </span><span class="token" style="color:#ce9178">"OK"</span><span class="token" style="color:#d4d4d4">,</span><span>
</span><span> </span><span class="token" style="color:#9cdcfe">"message"</span><span class="token" style="color:#d4d4d4">:</span><span> </span><span class="token" style="color:#ce9178">"The request was successful"</span><span class="token" style="color:#d4d4d4">,</span><span>
</span><span> </span><span class="token" style="color:#9cdcfe">"request_id"</span><span class="token" style="color:#d4d4d4">:</span><span> </span><span class="token" style="color:#ce9178">"10610d99-42cf-41dd-9d23-128df906544c"</span><span>
</span><span> </span><span class="token" style="color:#d4d4d4">}</span><span>
</span><span></span><span class="token" style="color:#d4d4d4">}</span><span>
</span></code></pre></div>Using Bearer Token
To make an authenticated request, add the Authorization header with the bearer token to your HTTP request to the Felloh API.
An Example Authenticated Request
POST
https://api.felloh.com/agent/transactions${transactionID}/refund<div class="syntax-highlighter"><pre style="color:#d4d4d4;font-size:13px;text-shadow:none;font-family:Menlo, Monaco, Consolas, "Andale Mono", "Ubuntu Mono", "Courier New", monospace;direction:ltr;text-align:left;white-space:pre;word-spacing:normal;word-break:normal;line-height:1.5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-hyphens:none;-moz-hyphens:none;-ms-hyphens:none;hyphens:none;padding:1em;margin:.5em 0;overflow:auto;background:#1b0f27"><code class="language-js" style="white-space:pre;color:#d4d4d4;font-size:13px;text-shadow:none;font-family:Menlo, Monaco, Consolas, "Andale Mono", "Ubuntu Mono", "Courier New", monospace;direction:ltr;text-align:left;word-spacing:normal;word-break:normal;line-height:1.5;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-hyphens:none;-moz-hyphens:none;-ms-hyphens:none;hyphens:none"><span class="token" style="color:#569CD6">const</span><span> transactionID </span><span class="token" style="color:#d4d4d4">=</span><span> </span><span class="token" style="color:#b5cea8">123</span><span class="token" style="color:#d4d4d4">-</span><span class="token" style="color:#b5cea8">123</span><span class="token" style="color:#d4d4d4">;</span><span> </span><span></span><span class="token" style="color:#569CD6">const</span><span> bearerToken </span><span class="token" style="color:#d4d4d4">=</span><span> </span><span class="token" style="color:#ce9178">'Bearer token from authentication request'</span><span class="token" style="color:#d4d4d4">;</span><span> </span> <span></span><span class="token" style="color:#569CD6">const</span><span> response </span><span class="token" style="color:#d4d4d4">=</span><span> </span><span class="token" style="color:#c586c0">await</span><span> </span><span class="token" style="color:#c0a9e5">axios</span><span class="token" style="color:#d4d4d4">(</span><span> </span><span> </span><span class="token" style="color:#d4d4d4">{</span><span> </span><span> </span><span class="token literal-property" style="color:#9cdcfe">method</span><span class="token" style="color:#d4d4d4">:</span><span> </span><span class="token" style="color:#ce9178">'post'</span><span class="token" style="color:#d4d4d4">,</span><span> </span><span> </span><span class="token literal-property" style="color:#9cdcfe">url</span><span class="token" style="color:#d4d4d4">:</span><span> </span><span class="token template-string template-punctuation" style="color:#ce9178">`</span><span class="token template-string" style="color:#ce9178">https://api.felloh.com/agent/transactions</span><span class="token template-string" style="color:#569cd6">${</span><span class="token template-string" style="color:#9cdcfe">transactionID</span><span class="token template-string" style="color:#569cd6">}</span><span class="token template-string" style="color:#ce9178">/refund</span><span class="token template-string template-punctuation" style="color:#ce9178">`</span><span class="token" style="color:#d4d4d4">,</span><span> </span><span> </span><span class="token literal-property" style="color:#9cdcfe">data</span><span class="token" style="color:#d4d4d4">:</span><span> </span><span class="token" style="color:#d4d4d4">{</span><span> amount </span><span class="token" style="color:#d4d4d4">}</span><span class="token" style="color:#d4d4d4">,</span><span> </span><span> </span><span class="token literal-property" style="color:#9cdcfe">headers</span><span class="token" style="color:#d4d4d4">:</span><span> </span><span class="token" style="color:#d4d4d4">{</span><span> </span><span> </span><span class="token string-property" style="color:#9cdcfe">'Content-Type'</span><span class="token" style="color:#d4d4d4">:</span><span> </span><span class="token" style="color:#ce9178">'application/json'</span><span class="token" style="color:#d4d4d4">,</span><span> </span><span> </span><span class="token literal-property" style="color:#9cdcfe">Authorization</span><span class="token" style="color:#d4d4d4">:</span><span> </span><span class="token template-string template-punctuation" style="color:#ce9178">`</span><span class="token template-string" style="color:#ce9178">Bearer </span><span class="token template-string" style="color:#569cd6">${</span><span class="token template-string" style="color:#9cdcfe">bearerToken</span><span class="token template-string" style="color:#569cd6">}</span><span class="token template-string template-punctuation" style="color:#ce9178">`</span><span class="token" style="color:#d4d4d4">,</span><span> </span><span> </span><span class="token" style="color:#d4d4d4">}</span><span class="token" style="color:#d4d4d4">,</span><span> </span><span> </span><span class="token" style="color:#d4d4d4">}</span><span class="token" style="color:#d4d4d4">,</span><span> </span><span></span><span class="token" style="color:#d4d4d4">)</span><span class="token" style="color:#d4d4d4">;</span><span> </span></code></pre></div>
Bearer tokens will expire after a set period. If a token expires, you will receive a 401 Unauthorized response.
Security Best Practices
- Keep Tokens Confidential: Do not expose your bearer tokens in publicly accessible areas, such as GitHub repositories or client-side code.
- Use HTTPS: Always use HTTPS to encrypt API requests and protect sensitive information.
- Rotate Tokens Regularly: Periodically refresh and rotate your bearer tokens to enhance security.
- Monitor for Unauthorised Use: Track API usage and revoke tokens if you suspect unauthorized access.