This article is a basic introduction to API Authentication within Feefo.

Whenever an API requests personal or company confidential data from Feefo, authentication is required. Feefo data requiring authentication includes:

The key steps in gaining access to the above information is as follows:

  • A request is sent to Feefo which includes your merchant identifier, your Feefo user_name and password, and your merchant API key.
  • Feefo recognises the request and returns an API Token together with an expiry time. The token is then valid for follow-up requests for 4 hours from the time it was generated.
  • Send one or more further requests to Feefo as an authorised user using the API Token. Authentication is achieved by including an HTTP Authorization request header with the request. The header includes the following:
    • Key = Authorization
    • Value = Token "API token"
  • A successful response returns the data requested.

The POST endpoint for authentication is:

https://api.feefo.com/api/apiauthenticate

together with the following keys:

JSON key Description Required or optional  Value
authenticationDTO .merchantIdentifier Unique identifier for the merchant account. Required string 
authenticationDTO .username Username for a merchant admin Feefo account (best served by a dedicated API account for this purpose). Required 
string 
authenticationDTO .password Password for a merchant admin Feefo account (best served by a dedicated API account for this purpose). Required 
string 
authenticationDTO .apiKey API key for the merchant account. Required 
string 

For example:

{
   "authenticationDTO": {
     "merchantIdentifier": "example-retail-merchant",
     "username": "your_feefo_login@merchant.com",
     "password": "your_feefo_password",
     "apiKey": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
   }
}
 

The response consists of:

Response Description Value
apiToken The API access token for making authenticated requests to the Reviews API. string
expiresTime The epoch date/time when the token will expire (4 hours after creation). string