Firefly III features a JSON API.
To read more about Personal Access Token, check out the bottom of this page.
The API uses the OAuth2 workflow. You need to create OAuth2 Clients in your profile when logged in.
These clients have a secret (visible in the screenshot). The secret can be exchanged for an access token. The access token is used to access the API.
Firefly III offers the following end points that can be used in applications that support the OAuth2 workflow, such as Postman.
Here you see how Postman would use the secret to get an access token. What you can build in OAuth2 is out of the scope of this document.
Personal Access Token
Some technical background. If your application can't or won't use OAuth2 (like the Firefly III CSV importer) you must generate a Personal Access Token on your profile page.
Go to your profile page (visit
/profile) and follow these instructions:
Click on "create new token":
Give your token a name you recognize:
Copy the entire token. Yes, it's very long!
To use the token you have to pass an
Authorization: Bearer <token> HTTP header. As an example in curl:
curl -X GET 'https://your-domain/api/v1/webhooks' \ -H 'accept: application/vnd.api+json' \ -H 'Authorization: Bearer [Personal Auth Token]' \ -H 'Content-Type: application/json'