Overview

The Fincept API uses API keys for authentication. All requests must include the X-API-Key header with a valid API key.

API Key Types

User API Keys

Prefix: fk_user_
Duration: Permanent
Access: Full API access
Rate Limit: Based on subscription plan

Guest API Keys

Prefix: fk_guest_
Duration: 24 hours
Access: Limited features
Rate Limit: 50 requests/day

Getting an API Key

For Registered Users

  1. Register an account:
POST /user/register
Content-Type: application/json

{
  "full_name": "John Doe",
  "email": "john@example.com",
  "password": "SecurePassword123!",
  "device_fingerprint": "unique-device-id"
}
  2. Verify your email using the OTP sent to your inbox
  3. Log in to receive your API key:
POST /user/login
Content-Type: application/json

{
  "email": "john@example.com",
  "password": "SecurePassword123!"
}
Response:
{
  "success": true,
  "message": "Login successful",
  "data": {
    "api_key": "fk_user_abc123xyz789...",
    "user": {
      "user_id": 1,
      "email": "john@example.com",
      "full_name": "John Doe"
    }
  }
}

For Guest Users

Create a temporary 24-hour API key:
POST /guest/register
Content-Type: application/json

{
  "device_fingerprint": "unique-device-id"
}
Response:
{
  "success": true,
  "message": "Guest user created successfully",
  "data": {
    "guest_id": "guest-uuid",
    "api_key": "fk_guest_xyz789abc123...",
    "expires_at": "2025-12-25T12:00:00"
  }
}

Using Your API Key

Include the API key in the X-API-Key header of all requests:
curl -X GET "https://finceptbackend.share.zrok.io/user/profile" \
  -H "X-API-Key: fk_user_your_api_key_here"

Security Best Practices

Never share your API key or commit it to version control. Treat it like a password.
Store API keys in environment variables or secure vaults, never in code.
export FINCEPT_API_KEY="fk_user_your_api_key"
If your API key is exposed, regenerate it immediately via your profile settings.
Always use HTTPS to prevent API keys from being intercepted.
Only use your API key in server-side code, never in client-side JavaScript.

Rate Limiting

API requests are rate-limited based on your account type:
Account Type         Rate Limit
Guest                50 requests/day
Free User            60 requests/hour
Starter Plan         500 requests/hour
Professional Plan    2,000 requests/hour
Enterprise Plan      Unlimited
Rate limit information is included in response headers:
X-RateLimit-Limit: 500
X-RateLimit-Remaining: 487
X-RateLimit-Reset: 1640000000

Error Responses

Invalid API Key

{
  "success": false,
  "message": "Invalid or missing API key",
  "error_code": "INVALID_API_KEY"
}

Expired API Key (Guest)

{
  "success": false,
  "message": "Guest API key has expired",
  "error_code": "EXPIRED_KEY"
}

Rate Limit Exceeded

{
  "success": false,
  "message": "Rate limit exceeded. Please try again later.",
  "error_code": "RATE_LIMIT_EXCEEDED"
}
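
The following is an added example, not part of the Fincept documentation or its SDK: a client-side sketch that loads the key from the FINCEPT_API_KEY environment variable, redacts it for logging, and maps the rate-limit headers and error codes above to a next step. It assumes X-RateLimit-Reset is a Unix timestamp in seconds; the function names and the fallback_wait parameter are hypothetical.

```python
import os

KEY_PREFIXES = {"fk_user_": "user", "fk_guest_": "guest"}  # prefixes documented above


def load_api_key(env=os.environ):
    """Read the key from FINCEPT_API_KEY; return (key, kind) or raise ValueError."""
    key = env.get("FINCEPT_API_KEY", "")
    for prefix, kind in KEY_PREFIXES.items():
        if key.startswith(prefix) and len(key) > len(prefix):
            return key, kind
    raise ValueError("FINCEPT_API_KEY is missing or has an unknown prefix")


def redact(key):
    """Return a log-safe form of the key: the type prefix only."""
    for prefix in KEY_PREFIXES:
        if key.startswith(prefix):
            return prefix + "****"
    return "****"


def next_action(body, headers, now, fallback_wait=60):
    """Map a parsed response to (action, wait_seconds).

    Assumption: X-RateLimit-Reset is a Unix timestamp in seconds.
    fallback_wait is a hypothetical default used when that header is absent.
    """
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    code = body.get("error_code")
    if code == "INVALID_API_KEY":
        return ("stop", 0)  # retrying with the same key cannot succeed
    if code == "EXPIRED_KEY":
        return ("renew_guest_key", 0)  # request a new key via POST /guest/register
    exhausted = int(h.get("x-ratelimit-remaining", 1)) <= 0
    if code == "RATE_LIMIT_EXCEEDED" or exhausted:
        if "x-ratelimit-reset" not in h:
            return ("wait", fallback_wait)
        return ("wait", max(0, int(h["x-ratelimit-reset"]) - now))
    return ("proceed", 0)


if __name__ == "__main__":
    # Constructed sample response, not captured from the live API.
    body = {"success": False, "error_code": "RATE_LIMIT_EXCEEDED"}
    headers = {"X-RateLimit-Limit": "500", "X-RateLimit-Remaining": "0",
               "X-RateLimit-Reset": "1640000000"}
    print(next_action(body, headers, now=1639999940))
    print(redact("fk_user_constructed_sample_key"))
```

Logging redact(key) instead of the key itself keeps the secret out of log files while still showing which key type made the request.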

Need Help?

Forgot API Key?

Log in again to retrieve your API key or contact support.

Account Issues?

Contact us at support@fincept.in