Skip to content

API Keys


For technical information regarding the FoxOMS API, please visit the developer portal

To access the FoxOMS REST API you will need to generate a set of credentials.

Authentication Types

The FoxOMS API supports two authentication types, Oauth 2.0 and Token Based Authentication.

Oauth 2.0

Oauth 2.0 offers superior security but requires additional libraries and setup.

Token Authentication

Token Authentication is the fastest way to connect to our API, but it is crucial to protect the token as your data is at risk if it falls into the wrong hands. Tokens last for around 5 years, but can be withdrawn and reset immediately.

Create / Edit an API Key

To create an API Key simply click the New button at the top of the Admin -> API Keys administration screen or click on an existing one in the API Keys table to edit.

A sidebar will appear where you can edit the parameters of the API Key.

API Key Sidebar

These fields appear for all API Keys:

Name Description
Description A description for the purpose of the API Key. For example "Finance Application Connector"
Authentication Type The type of authentication that this API Key will use (see above for detailed explanation)
Assign to User The API Key will receive the same access as the user selected. Group access controls set for this user will be obeyed


Each time you click "Save Changes" on an API Key, any existing authentication tokens will be refreshed. If you're using Oauth 2.0 your application logic should automatically handle retrieving a new token.

If you are using Token based authentication your API access will stop working until you update your code with the newly generated token


Keep Security with API Keys front of mind. Be sure the user you've added to the API key is in a group with the correct permissions for what you need to acomplish with your API integration.

Reset Secret Key

This option applies only to Oauth 2.0 authentication. It resets your secret key and retains your existing client id.

Delete an API Key

Deleting an API key removes the key and any authentication tokens generated, so applications using the key will immediately lose access.

To delete an API Key, open the key in the sidebar and click the red 'Trash' icon in the bottom right hand corner.

You will receive a confirmation before deletion occurs.