Authentication

You'll need to authenticate your requests to access most of the endpoints in the Felloh API.

Requests to our API need to be authorised using a JWT token. JWT is an open standard designed to allow powerful server-to-server authentication.

Authenticating your requests

You can generate a public and private key from the Felloh dashboard, and can generate further keys via the API or dashboard (if your initial token has permission to do so).

Felloh uses public & private keys to generate a JWT bearer token to allow you to access our APIs.

Once you have generated a public and private key using our dashboard, you can generate a Bearer token to make requests against our API.

Authentication Request

POST
https://api.felloh.com/token
import axios from 'axios';

const getToken = async () => {
  const response = await axios({
    method: 'post',
    url: 'https://api.felloh.com/token',
    headers: {
      'Content-Type': 'application/json'
    },
    data: JSON.stringify({
      public_key: process.env.PUBLIC_KEY,
      private_key: process.env.PRIVATE_KEY,
    }),
  });

  return response.data;
};

Example response

{
  "data": {
    "expiry_time": 1657485864,
    "type": "BEARER",
    "token": "vXdvRb0DIw9DSnC4NCeCWmjmI5dJmeMrl0Esg2HG6EeaHZmcaYtymifw7YVCySCAuAEpruJx8fZBAX0FYmhfOc5WSzp9uDRQ3xdC06JTIDLVVmngvfFRkxCsPaV4oqmYCZcwe6oldLhWZnHE2EPUbc7OG3W3klyGQg8u00UmwqXeLIgA8CryoNGgA3Y3mitxKV7Y2uhlmPySP0BQ1K64ml8bJMLoLbQj3PMpt1eKwJdlETCTRjW"
  },
  "errors": [],
  "meta": {
    "code": 200,
    "reason": "OK",
    "message": "The request was successful",
    "request_id": "10610d99-42cf-41dd-9d23-128df906544c"
  }
}

Using Bearer Token

To make an authenticated request, add the Authorization header with the bearer token to your HTTP request to the Felloh API.

An Example Authenticated Request

POST
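https://api.felloh.com/agent/transactions/${transactionID}/refund
import axios from 'axios';

// The transaction ID is a string; unquoted, 123-123 would be evaluated as arithmetic.
const transactionID = '123-123';
// The "token" value from the authentication response, without the "Bearer " prefix.
const bearerToken = 'Bearer token from authentication request';
// Refund amount (sample value).
const amount = 100;

const response = await axios(
  {
    method: 'post',
    url: `https://api.felloh.com/agent/transactions/${transactionID}/refund`,
    data: { amount },
    headers: {
        'Content-Type': 'application/json',
        Authorization: `Bearer ${bearerToken}`,
    },
  },
);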

Bearer tokens will expire after a set period. If a token expires, you will receive a 401 Unauthorized response.

Security Best Practices

  • Keep Tokens Confidential: Do not expose your bearer tokens in publicly accessible areas, such as GitHub repositories or client-side code.
  • Use HTTPS: Always use HTTPS to encrypt API requests and protect sensitive information.
  • Rotate Tokens Regularly: Periodically refresh and rotate your bearer tokens to enhance security.
  • Monitor for Unauthorised Use: Track API usage and revoke tokens if you suspect unauthorised access.
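
One way to handle token expiry and the 401 response described above is to keep the token in memory only, renew it shortly before `expiry_time`, and retry once on a 401. This is an added example, not Felloh's own code; `createTokenSource`, `needsRefresh`, `withAuth` and the 60-second margin are assumptions, and `requestToken` stands for a function like `getToken` from the authentication request.

```javascript
// Added example (not Felloh's code): in-memory bearer token cache.
const SKEW_SECONDS = 60; // assumption: renew one minute before expiry_time

// True when no token is cached or it is within the margin of expiry_time (Unix seconds).
function needsRefresh(cached, nowSeconds, skew = SKEW_SECONDS) {
  return !cached || nowSeconds >= cached.expiry_time - skew;
}

// requestToken: async function that POSTs to /token and resolves to the
// response body shown in "Example response". now: clock in Unix seconds.
function createTokenSource(requestToken, now = () => Math.floor(Date.now() / 1000)) {
  let cached = null;   // held in memory only, never written to disk or logs
  let inFlight = null; // concurrent callers share one renewal request

  async function getToken(force = false) {
    if (!force && !needsRefresh(cached, now())) return cached.token;
    if (!inFlight) {
      inFlight = requestToken()
        .then((body) => {
          const d = body && body.data;
          if (!d || d.type !== 'BEARER' || !d.token || !Number.isFinite(d.expiry_time)) {
            throw new Error('unexpected token response');
          }
          cached = { token: d.token, expiry_time: d.expiry_time };
          return cached.token;
        })
        .finally(() => { inFlight = null; });
    }
    return inFlight;
  }

  // send(token) performs one API request and resolves to an object with a
  // numeric `status` (with axios, set validateStatus so a 401 does not throw).
  // A 401 triggers exactly one forced renewal and one retry.
  async function withAuth(send) {
    let res = await send(await getToken());
    if (res.status === 401) res = await send(await getToken(true));
    return res;
  }

  return { getToken, withAuth };
}
```

A second 401 after the forced renewal is returned to the caller unchanged, since it then points to a revoked or under-privileged key rather than an expired token.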