Authentication
Securely authenticate your requests to the Fixia API using API keys.
API Keys
All API requests must include an API key in the x-api-key header. API keys are long-lived tokens that grant full access to your account data.
http
GET /api/v1/contracts HTTP/1.1
Host: fixia.com.br
x-api-key: sk_live_your_key_hereKey Principles
- Keep it secret: Do not share your API key or commit it to version control.
- Server-side only: Always make API requests from your backend. Never expose API keys in client-side code (browsers or mobile apps).
- Prefixes: Our keys always start with
sk_live_for live keys.
API Key Scopes
Each API key can be restricted to specific scopes. If a key doesn't have the required scope for an endpoint, the API will return a 403 Forbidden error.
| Scope | Description |
|---|---|
contracts:read | List and view contract details |
assets:read | List and view asset details |
service_orders:write | Create and update service orders |
IP Whitelisting
For enhanced security, you can restrict an API key to specific IP addresses. Requests coming from other IPs will be rejected with a 401 Unauthorized error.