Authentication

FG API uses a secure authentication system to protect your APIs and manage user access.

How Authentication Works

User Registration

  1. Sign Up: Create an account with email and password
  2. Approval Code: Enter the approval code provided by your administrator
  3. Account Approval: Wait for your account to be approved
  4. Access Granted: Once approved, you can access all features

Login Process

  1. Enter your email and password
  2. The system validates your credentials
  3. You receive an access token (valid for 1 hour)
  4. You also receive a refresh token (valid for 7 days)

Token Management

  • Access Token: Used for API requests, expires after 1 hour
  • Refresh Token: Used to get new access tokens, expires after 7 days
  • Automatic Refresh: The system automatically refreshes your access token when needed

User Status

Pending Approval

  • New users start with "pending" status
  • Limited access until approved by an administrator
  • Cannot create or manage APIs

Approved Users

  • Full access to all platform features
  • Can create, edit, and delete APIs
  • Can manage endpoints and fields
  • Access to analytics and monitoring

Security Features

Rate Limiting

  • Authentication endpoints: 5 attempts per 15 minutes

  • API endpoints: 100 requests per 15 minutes

  • User-specific limits: 200 requests per 15 minutes for authenticated users

Security Headers

  • CORS protection for cross-origin requests

  • Security headers to prevent common attacks

  • Input validation and sanitization

Token Security

  • Tokens are stored securely in your browser

  • Automatic token refresh prevents session expiration

  • Secure logout clears all tokens

Managing Your Account

Changing Password

  1. Go to your profile settings
  2. Click "Change Password"
  3. Enter your current password
  4. Enter your new password
  5. Confirm the change

Logout

  • Click the logout button in the top navigation

  • All tokens are cleared from your browser

  • You'll need to log in again to access the platform

Troubleshooting

"Account Pending Approval"

  • Your account is waiting for administrator approval

  • Contact your administrator for approval

  • You'll receive access once approved

"Token Expired"

  • Your access token has expired

  • The system will automatically refresh it

  • If refresh fails, you'll need to log in again
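The token lifecycle from "Token Management" and the "Token Expired" fallback above, written out as an added example (not FG API client code). The class name, the refreshFn callback and the LOGIN_REQUIRED error are hypothetical, and the refresh token's 7 days are assumed to count from login without being extended by a refresh.

```javascript
// Added illustration, not FG API code. Lifetimes are the ones stated on this page.
const ACCESS_TTL_MS = 60 * 60 * 1000;            // access token: 1 hour
const REFRESH_TTL_MS = 7 * 24 * 60 * 60 * 1000;  // refresh token: 7 days

class TokenSession {
  // refreshFn (hypothetical) exchanges a refresh token for a new access token.
  // now is injectable so expiry handling can be tested without waiting.
  constructor(refreshFn, now = () => Date.now()) {
    this.refreshFn = refreshFn;
    this.now = now;
    this.clear();
  }

  // Record the token pair issued at login, with both expiry times.
  login(accessToken, refreshToken) {
    const t = this.now();
    this.access = { value: accessToken, expiresAt: t + ACCESS_TTL_MS };
    this.refresh = { value: refreshToken, expiresAt: t + REFRESH_TTL_MS };
  }

  // Logout: drop both tokens.
  clear() { this.access = null; this.refresh = null; }

  // What the client has to do at the current time.
  state() {
    const t = this.now();
    if (this.access && t < this.access.expiresAt) return 'ACCESS_VALID';
    if (this.refresh && t < this.refresh.expiresAt) return 'NEEDS_REFRESH';
    return 'LOGIN_REQUIRED';
  }

  // Returns a usable access token, refreshing it when it has expired.
  // Throws Error('LOGIN_REQUIRED') when the user must log in again.
  async getAccessToken() {
    const s = this.state();
    if (s === 'ACCESS_VALID') return this.access.value;
    if (s === 'NEEDS_REFRESH') {
      try {
        const value = await this.refreshFn(this.refresh.value);
        this.access = { value, expiresAt: this.now() + ACCESS_TTL_MS };
        return value;
      } catch (err) { /* refresh failed: fall through to forced login */ }
    }
    this.clear(); // never keep an expired or rejected refresh token around
    throw new Error('LOGIN_REQUIRED');
  }
}
```

A failed refresh clears both tokens, so a rejected refresh token is not retried on every later request.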

"Too Many Requests"

  • You've hit the rate limit

  • Wait 15 minutes before trying again

  • Consider reducing request frequency

"Invalid Credentials"

  • Check your email and password

  • Ensure caps lock is off

  • Try resetting your password if needed

Best Practices

Password Security

  • Use a strong, unique password

  • Don't share your credentials

  • Change your password regularly

Token Management Help

  • Don't manually edit tokens in browser storage

  • Log out when using shared computers

  • Report suspicious activity immediately

API Security

  • Always use HTTPS for API requests

  • Don't expose your tokens in client-side code

  • Monitor your API usage regularly