Make Your First API Request
This quickstart shows you how to authenticate and call the Fiskl API. By the end you will have made live requests and know how to handle pagination, scopes, and errors. It also works as an end-to-end check that your API access is set up correctly.
Before You Begin​
- Create an API key first — see Create and Manage API Keys.
- Have a command line with
curl, or any HTTP client you prefer.
Base URLs​
Use the production URL for live data, and the staging URL for testing.
| Environment | Base URL |
|---|---|
| Production | https://api.fiskl.com |
| Staging | https://api.fiskl.ca |
Every endpoint sits under /v1. For example, the clients endpoint is https://api.fiskl.com/v1/clients.
Authenticate​
Send your token in the Authorization header on every request. The same header works for an API key (fsk_…) and for an OAuth access token.
Authorization: Bearer fsk_your_key_here
Make Your First Call​
Start with /v1/date-periods. It needs no special scope, so it is the quickest way to confirm your token works:
curl https://api.fiskl.com/v1/date-periods \
-H "Authorization: Bearer fsk_your_key_here"
A successful response returns the named date ranges for your company, each calculated from your accounting settings:
[
{ "name": "This Month", "start": "2026-06-01", "end": "2026-06-30" },
{ "name": "This Financial Year-to-date", "start": "2026-01-01", "end": "2026-06-23", "isDefault": true }
]
These ranges are the same presets the reports use. You select a period, then pass its start and end to a report or a filtered list. To read data, call a resource such as clients:
curl "https://api.fiskl.com/v1/clients?size=25" \
-H "Authorization: Bearer fsk_your_key_here"
Work with Pages​
List endpoints return one page at a time. Control paging with query parameters:
page— the page number, starting at0size— how many records per pagesort— the field and direction, such ascreated,desc
curl "https://api.fiskl.com/v1/invoices?page=0&size=50&sort=created,desc" \
-H "Authorization: Bearer fsk_your_key_here"
Understand Scopes​
A token can only reach data its scopes allow. API keys use fine-grained permissions; OAuth tokens use the coarser scopes below.
| Scope | Grants access to |
|---|---|
contacts:read / contacts:write | Clients and vendors |
invoicing:read / invoicing:write | Invoices, quotes, and line items |
payments:read / payments:write | Payments |
products:read / products:write | Products and services |
reports:read | Financial reports |
To see exactly what your token can do, call /v1/me/permissions.
Handle Errors​
The API uses standard HTTP status codes. Check the status before reading the body.
| Status | Meaning | What to do |
|---|---|---|
400 | The request was invalid | Fix the parameters or body and retry |
401 | The token is missing, expired, or revoked | Check the token, or create a new key |
403 | The token's scopes do not allow this action | Use a token with the right scope |
429 | Too many requests | Wait, then retry with backoff |
Run the End-to-End Check​
Use this sequence to confirm a complete setup:
- Create an API key with the scopes you need.
- Call
/v1/date-periodsand confirm a200response. - Call a resource such as
/v1/clientsand confirm your data returns. - Set up a webhook and trigger an event to confirm delivery.
The interactive reference at api-docs.fiskl.com lists every endpoint with example responses, and lets you authorise with a key and try calls in the browser.
Common Issues​
Requests return the wrong content or a redirect
Confirm you are calling the API host (api.fiskl.com) and a path under /v1. Calling the main app domain instead of the API host returns the web app, not API data.
Related Topics​
- Create and Manage API Keys — Generate the token this guide uses
- Receive Events with Webhooks — React to changes instead of polling
- Public API Overview — How the API building blocks fit together
- Financial Reports — The reports that use the same date ranges