Making Requests

Here are the building blocks to set up your first request.


POST /token

import axios from 'axios';
const getToken = async () => {
const response = await axios({
method: 'post',
url: '',
headers: {
'Content-Type': 'application/json'
data: JSON.stringify({
"public_key": process.env.PUBLIC_KEY,
"private_key": process.env.PRIVATE_KEY,
$client = new \GuzzleHttp\Client();
$headers = [
'Content-Type' => 'application/json'
$request = new Request('GET', '', $headers);
$res = $client->sendAsync($request)->wait();
echo $res->getBody();
import os
import requests
import json
def get_token():
public_key = os.environ.get("PUBLIC_KEY")
private_key = os.environ.get("PRIVATE_KEY")
api_url = ''
headers = {'Content-Type': 'application/json'}
data = {
'public_key': public_key,
'private_key': private_key
response =, headers=headers, data=json.dumps(data))
return response.json()
token = get_token()
using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
using Microsoft.Extensions.Configuration;
public class TokenService
private readonly IConfiguration _configuration;
private readonly HttpClient _httpClient;
public TokenService(IConfiguration configuration)
_configuration = configuration;
_httpClient = new HttpClient();
public async Task<string> GetTokenAsync()
var publicKey = _configuration["PUBLIC_KEY"];
var privateKey = _configuration["PRIVATE_KEY"];
var requestContent = new StringContent(
public_key = publicKey,
private_key = privateKey
var response = await _httpClient.PostAsync("", requestContent);
if (!response.IsSuccessStatusCode)
throw new Exception($"Failed to get token. Status code: {response.StatusCode}");
var responseData = await response.Content.ReadAsStringAsync();
return responseData;


"data": {
"expiry_time": 1657485864,
"type": "BEARER",
"token": "vXdvRb0DIw9DSnC4NCeCWmjmI5dJmeMrl0Esg2HG6EeaHZmcaYtymifw7YVCySCAuAEpruJx8fZBAX0FYmhfOc5WSzp9uDRQ3xdC06JTIDLVVmngvfFRkxCsPaV4oqmYCZcwe6oldLhWZnHE2EPUbc7OG3W3klyGQg8u00UmwqXeLIgA8CryoNGgA3Y3mitxKV7Y2uhlmPySP0BQ1K64ml8bJMLoLbQj3PMpt1eKwJdlETCTRjW"
"errors": [],
"meta": {
"code": 200,
"reason": "OK",
"message": "The request was successful",
"request_id": "10610d99-42cf-41dd-9d23-128df906544c"

All requests to our API need to be authorised. You can generate a public and private key from the dashboard and can generate further keys via the API or dashboard (if your initial token has permission to do so).

Felloh uses public & private keys to generate a bearer token to allow you to access our API's.

Once you have generated a public and private key using our dashboard, you can generate a Bearer token to make requests against our API.

HTTP Endpoint



Transport Encryption

All requests are encrypted using TLS 1.2 or TLS 1.3.

All API requests must be made over HTTPS. Any calls made over unencrypted HTTP will fail.

MIME Types


Accept: application/json

All responses from the API are in JSON format with UTF-8 encoding. An Accept header is required with every request:


Content-Type: application/json

All request bodies sent to the API should be in JSON format. A Content-Type header is required whenever you're sending a request body (i.e. for POST and PUT requests):

Request ID


"meta": {
"request_id": "10610d99-42cf-41dd-9d23-128df906544c"

All responses will contain an 'request-id' in the response. The value uniquely identifies the request/response.

We recommend you keep track of this for debugging purposes. When interacting with support, providing this will allow the team to give you prompt and personalised support.