Authentication
All API requests require authentication via API key.
Getting an API Key
- Log in to your FYOS account
- Navigate to Account → API Keys
- Click Create New Key
- Copy the key immediately (shown only once)
Using Your API Key
Include the API key in the Authorization header:
curl https://api.fyos.io/v1/opportunities \
-H "Authorization: Bearer your_api_key_here"Key Format
API keys follow this format:
fyos_sk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx| Prefix | Meaning |
|---|---|
fyos_sk_live_ | Production key |
fyos_sk_test_ | Test/sandbox key |
Key Management
Viewing Keys
Account → API Keys shows:
- Key name (user-defined)
- Key prefix (first 8 characters)
- Created date
- Last used date
- Permissions
Revoking Keys
Click Revoke next to any key. This is immediate and irreversible.
Key Permissions
Keys inherit your account tier permissions:
| Permission | Pro | Desk |
|---|---|---|
| Read opportunities | ✓ | ✓ |
| Read simulations | ✓ | ✓ |
| Read portfolio | — | ✓ |
| Write operations | — | ✓ |
Security Best Practices
- Never commit keys — Use environment variables
- Rotate regularly — Create new keys periodically
- Use minimal permissions — Request only needed access
- Monitor usage — Check last-used dates for anomalies
- Revoke compromised keys — Immediately if exposed
Environment Variables
# .env (never commit this file)
FYOS_API_KEY=fyos_sk_live_xxxxxxxx// Usage
const apiKey = process.env.FYOS_API_KEY;Testing Authentication
curl https://api.fyos.io/v1/auth/verify \
-H "Authorization: Bearer your_api_key_here"Success response:
{
"data": {
"valid": true,
"tier": "pro",
"expires_at": null
}
}Common Errors
401 Unauthorized
{
"error": {
"code": "UNAUTHORIZED",
"message": "Invalid or missing API key"
}
}Causes:
- Missing
Authorizationheader - Malformed key
- Revoked key
403 Forbidden
{
"error": {
"code": "FORBIDDEN",
"message": "Insufficient permissions for this endpoint"
}
}Causes:
- Endpoint requires higher tier
- Key has restricted permissions