Authenticating requests
To make an authenticated request, you'll first need to generate an API key for your account. To do so, navigate to your application settings by clicking on the gear icon in the top right corner then clicking "Application settings".
In your application settings, navigate to the "Users" tab then select "API keys" in the left side menu to get to the page for managing your API keys.
From this page, you can click "Add API key" if your user has the permissions required to do so. The permission required is "Manage users and permissions" and can be found on the "Security groups" page in the left side menu.
When creating an API key, you will be required to select a name for it. The name will be used for identifying the key and actions performed with the key.
After clicking the Create button, you will be given an API key and secret. Make sure to copy your API key secret at that point as you will not be able to see it again.
Finale Inventory uses basic authentication for authenticating API requests. To make an API request, you will need to include a basic authorization header with the key and secret base64 encoded. For example, if your key was "ABC" and your secret was "DEF", you would join them together with a ":" then base64 encode it. "ABC:DEF" base64 encoded is "QUJDOkRFRg==". You would then include the "authorization" header with the value "Basic QUJDOkRFRg==" on all your requests to our API.
Testing requests
If you would like to test API calls from our developer site, you can do so in the right side bar for the documentation of endpoints that support testing it. Enter the API key and secret along with your account name in the URL. In this screenshot, my account name is "example", my API key is "ABC" and my API secret is "DEF". Like mentioned previously, you can see in the CURL request example that it sets the authorization header to "Basic QUJDOkRFRg==". If you click the "Try It!" button, it will show the response below.
Endpoints that do not support testing through our documentation website would be authenticated in the same way as shown in the examples for API endpoints that do support testing through our documentation website.
Revoking API keys
If you need to revoke an API key, you can do so from the same page you created it. All API keys are shown on that page. Click the X icon to the right of the key to revoke it.
A model will pop up to confirm whether or not you would like to delete it.
Once deleted, any new API requests made with the API key will be rejected.
Rotating API keys
To rotate API keys, you will need to create a new API key and delete the old API key. To avoid downtime, you can create the new API key first, update your application to use the new one, then delete the old API key once you are no longer using it. The instructions for creating and deleting API keys are the same as shown earlier on this page.