Authentication
Learn how to authenticate your API requests using API keys.
Overview #
The FireCustos API uses API key authentication. Every request must include a valid API key in the Authorization header.
Creating API Keys #
API keys are created in the FireCustos admin panel:
- Log in to FireCustos as an Admin or Commander
- Go to Settings → API Keys
- Click "Create API Key" and give it a descriptive name
- Copy the key immediately — it is shown only once
Important
API keys are prefixed with fc_ and are 68 characters long. The full key is displayed only once at creation — store it securely immediately.
Using API Keys #
Include the API key in the Authorization header as a Bearer token:
bash
curl -X GET https://app.firecustos.com/api/v1/firefighters \
-H "Authorization: Bearer fc_your_api_key_here"Security #
API keys are sensitive credentials. Follow these best practices:
- Never share API keys in public repositories or client-side code
- Use environment variables to store keys
- Rotate keys periodically — revoke old keys and create new ones
- Each key is SHA-256 hashed before storage — FireCustos never stores your plaintext key
- Set expiration dates on keys when possible
Authentication Errors #
When authentication fails, the API returns a 401 Unauthorized response:
No API key provided
json
{
"status": 401,
"title": "Unauthorized",
"detail": "Missing or invalid Authorization header."
}API key is invalid
json
{
"status": 401,
"title": "Unauthorized",
"detail": "Invalid API key."
}API key has been revoked
json
{
"status": 401,
"title": "Unauthorized",
"detail": "API key has been revoked."
}API key has expired
json
{
"status": 401,
"title": "Unauthorized",
"detail": "API key has expired."
}