Authentication

Overview

The Finale GraphQL API uses HTTP Basic Authentication. For complete details, refer to the Finale API Authentication documentation.

Endpoint

POST https://app.finaleinventory.com/{account}/api/graphql

Replace {account} with your Finale account name.

HTTP Basic Authentication

Authentication requires an API key and secret combined using HTTP Basic Authentication:

1. Generate an API key and secret from your account's Application Settings > Users > API keys
2. Combine your key and secret with a colon separator: key:secret
3. Base64 encode the combined string
4. Include in the Authorization header: Authorization: Basic {base64-encoded-credentials}

For example, if your key is ABC and secret is DEF:

• Combined: ABC:DEF
• Base64 encoded: QUJDOkRFRg==
• Header: Authorization: Basic QUJDOkRFRg==

Complete Example

Using curl

curl -X POST "https://app.finaleinventory.com/youraccount/api/graphql" \
  -H "Content-Type: application/json" \
  -H "Authorization: Basic YOUR_BASE64_ENCODED_CREDENTIALS" \
  -d '{
    "query": "query { productViewConnection(first: 5) { edges { node { productId sku } } } }"
  }'

Security Best Practices

1. Never expose credentials in client-side code
2. Use HTTPS for all requests
3. Store API keys securely (environment variables, secure vaults)
4. Rotate keys regularly to minimize exposure risk
5. Monitor API usage for unusual activity
6. Revoke compromised keys immediately through the API keys management page

Next Steps

Once authenticated, you can:

• Run your first query
• Explore available collections
• Learn about ViewConnections