​

API Authentication

​

Generating API Keys

1. Navigate to Settings in your Fabius account
2. Click on API Keys in the sidebar
3. Click Create API Key
4. Give your key a descriptive name (e.g., “Production Integration”)
5. Save the generated credentials securely

​

Authentication Method

Authorization: Basic base64(clientId:clientSecret)

​

Examples

​

Using cURL

curl -X GET https://api.fabius.io/external/v1/documents \
  -H "Authorization: Basic $(echo -n 'your-client-id:your-client-secret' | base64)"

​

Using JavaScript

const clientId = 'your-client-id';
const clientSecret = 'your-client-secret';
const credentials = Buffer.from(`${clientId}:${clientSecret}`).toString('base64');

fetch('https://api.fabius.io/external/v1/documents', {
  headers: {
    'Authorization': `Basic ${credentials}`
  }
});

​

Using Python

import requests
from requests.auth import HTTPBasicAuth

response = requests.get(
    'https://api.fabius.io/external/v1/documents',
    auth=HTTPBasicAuth('your-client-id', 'your-client-secret')
)

​

Authentication Details

​

Important Notes

• The Authorization header must use the exact format: Basic <base64-encoded-credentials>
• The scheme “Basic” is case-sensitive (lowercase “basic” will not work)
• Extra spaces in the Authorization header are automatically normalized
• Deleted API keys cannot be used for authentication

​

Security Best Practices

1. Never expose credentials: Keep API keys out of client-side code and version control
2. Use environment variables: Store credentials in environment variables
3. Rotate keys regularly: Generate new keys periodically
4. Use HTTPS: Always use HTTPS for API requests
5. Limit key scope: Create separate keys for different environments

​

Managing API Keys

• View active keys: See all active API keys and their creation dates
• Revoke keys: Immediately disable compromised or unused keys
• Track usage: Monitor which keys are being used (coming soon)