API credentials

Create credentials to authorize your API requests to BFG.

BFG uses bearer token authentication. Include your secret API key in the Authorization header of every request:

curl --request GET \
     --url https://api-sandbox.buyingfreedom.app/api/customers \
     --header 'authorization: Bearer YOUR_API_KEY_HERE'

Generating an API key

  1. Log in to BFG using one of the following environments:
    • Sandbox: Use the sandbox environment to generate API keys for development and testing.
    • Production: Use the production environment to generate API keys when you're ready to run live requests.
  2. Click Settings.
  3. In the Integrations section on the Settings page, select API Keys.
  4. On the Manage API page, click Create Key, and then enter the following information:
    • Name: The name of your API key.
    • Expire Date: Optionally, select an expiration date for the API key. You can't change the expiry date of an API key after it's created.
    • Permissions: The options you can select are based on the groups and permissions configured in your account. For details, go to Groups and permissions.
  5. Click Save.
  6. In the API Key section, click Copy. Make sure to copy the API key, as it won't be displayed again.

Note: Your API keys are separate for sandbox and production environments.

Deactivating your API key

  1. On the Manage API page, click Delete in the row of an API key.
  2. In the Are you sure? dialog, click Delete. This change is applied immediately and will block the web service user from making API requests.

Changing your API key

To replace your API key, follow the steps for generating a new one, and then delete your old API key.

API request limit

The BFG API allows up to 400 requests per minute. If you exceed this limit, the API responds with a 429 status code and the following body:

{
    "message": "Too Many Requests."
}

To avoid interruptions, pace your requests within the allowed rate.
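One way to pace requests on the client side, as an added example that is not BFG's own code: a sliding-window limiter sized to the 400 requests per minute limit, plus a retry wrapper for the 429 response. The class and function names, the retry count and delays, and the BFG_API_KEY environment variable are assumptions of this example.

```python
import collections
import os
import time


class MinuteWindowLimiter:
    """Sliding window: at most `limit` calls in any `window` seconds."""

    def __init__(self, limit=400, window=60.0, clock=time.monotonic, sleep=time.sleep):
        self.limit, self.window = limit, window
        self.clock, self.sleep = clock, sleep
        self.sent = collections.deque()  # timestamps of calls still in the window

    def acquire(self):
        """Block until another call is allowed; return the seconds waited."""
        now = self.clock()
        while self.sent and now - self.sent[0] >= self.window:
            self.sent.popleft()
        waited = 0.0
        if len(self.sent) >= self.limit:
            waited = self.window - (now - self.sent[0])
            self.sleep(waited)  # wait for the oldest call to leave the window
            self.sent.popleft()
            now = self.clock()
        self.sent.append(now)
        return waited


def call_with_backoff(send, limiter, max_retries=4, base_delay=1.0):
    """Run send() under the limiter and retry with doubling delays on HTTP 429.

    `send` is any callable returning (status_code, body). The retry count and
    delays are assumptions of this example, not values documented by BFG.
    """
    for attempt in range(max_retries + 1):
        limiter.acquire()
        status, body = send()
        if status != 429 or attempt == max_retries:
            return status, body
        limiter.sleep(base_delay * 2 ** attempt)


def auth_headers(env_var="BFG_API_KEY"):
    """Read the key from the environment (variable name assumed) so it stays out of source."""
    key = os.environ.get(env_var)
    if not key:
        raise RuntimeError(f"{env_var} is not set")
    return {"Authorization": f"Bearer {key}"}
```

Pass `auth_headers()` to your HTTP client inside the `send` callable, and share one limiter across all workers that use the same API key.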

Multiple API credentials

There are pros and cons to consider when determining the number of API credentials to create. Fewer credentials are easier to manage, while more credentials give you better control over permissions and can improve security. Consider the following examples:

  • If you operate both an online sales channel and a point-of-sale (POS) channel, it's recommended to generate separate API credentials for each channel.
  • If you're processing orders for a store and a brand, you can assign different credentials to control permissions separately.

Some merchants choose to create separate API credentials for each legal entity or website. In the end, the number of credentials you use should match your business needs and security goals.

Keeping your API key secure

Don’t share your API key in public code or in apps that run in a browser. Your API key is linked to your account, and if used incorrectly, your access may be limited or blocked. If you think your API key has been exposed, contact [email protected] immediately and delete your API key on the Manage API page.