Authentication
Quick Start
Every API request requires an Authorization header with your token and an X-Client-System header identifying your application:
curl https://app.fenerum.com/api/v1/accounts/ \
-H "Authorization: Token your-token-here" \
-H "X-Client-System: YourAppName"Keep your API token secret! Treat it like a password—never commit it to version control or expose it in client-side code.
How Authentication Works
The Fenerum API uses token-based authentication. Include your API token in the Authorization header of every request using this format:
Authorization: Token <your-token>All requests must be made over HTTPS to https://app.fenerum.com/
Getting Your API Token
Create an API token from your Fenerum organization settings:
- Navigate to Settings → Integrations
- Click Create API user in the Fenerum section
This creates an API USER with a unique token. The API USER appears in your user list and has full permissions by default—you can customize these in the user profile.
Required Headers
Every API request must include these headers:
| Header | Required | Example | Description |
|---|---|---|---|
Authorization | Required | Token abc123def456 | Your API authentication token. Format: Token <your-token> |
X-Client-System | Required | MyAwesomeCRM | Name of your application or integration. Used for support and audit logs. |
X-User | Recommended | john.doe | Username in your system. Creates detailed audit trails showing which user made each change. |
The X-User header is particularly valuable for debugging and compliance—it lets you trace every API action back to a specific user in your system.
Examples
Fetching Data
curl https://app.fenerum.com/api/v1/accounts/ \
-H "Authorization: Token abc123def456" \
-H "X-Client-System: MyAwesomeCRM" \
-H "X-User: john.doe"Creating Resources
curl -X POST https://app.fenerum.com/api/v1/accounts/ \
-H "Authorization: Token abc123def456" \
-H "X-Client-System: MyAwesomeCRM" \
-H "X-User: john.doe" \
-H "Content-Type: application/json" \
-d '{
"code": "CUST001",
"name": "Acme Corporation",
"email": "contact@acme.com"
}'Complete HTTP Request
POST /api/v1/accounts/ HTTP/1.1
Host: app.fenerum.com
Authorization: Token abc123def456
X-Client-System: MyAwesomeCRM
X-User: john.doe
Content-Type: application/json
{
"code": "CUST001",
"name": "Acme Corporation",
"email": "contact@acme.com"
}Important Details
Base URL
All API endpoints are relative to:
https://app.fenerum.com/Trailing Slashes Required
All API URLs must end with a trailing slash (/).
This is critical for POST, PUT, and PATCH requests. While GET requests will auto-redirect, requests with payloads will fail without the trailing slash.
Correct:
/api/v1/accounts/
/api/v1/accounts/123/Incorrect:
/api/v1/accounts
/api/v1/accounts/123Testing Your Setup
Verify your authentication with a simple request:
curl https://app.fenerum.com/api/v1/accounts/ \
-H "Authorization: Token your-token-here" \
-H "X-Client-System: TestClient"Success Response (HTTP 200)
{
"count": 10,
"next": "https://app.fenerum.com/api/v1/accounts/?page=2",
"previous": null,
"results": [
{
"uuid": "123e4567-e89b-12d3-a456-426614174000",
"code": "CUST001",
"name": "Acme Corporation",
"email": "contact@acme.com"
}
]
}Error Response (HTTP 401)
{
"detail": "Invalid token."
}Troubleshooting
If you receive authentication errors, check:
- Missing
Authorizationheader — Every request must include this header - Wrong token format — Must be
Token <your-token>, not just the token value - Expired or revoked token — Tokens can be disabled in user settings
- Wrong organization — Tokens are organization-specific and won't work across organizations
- Missing
X-Client-System— This required header must be present on all requests
Still having issues? Contact our support team with your request details (excluding your token).
