Authentication & Access Control

Getting an API key

Programmatic access to the HTTP API is authenticated with API keys, which are available at the “Standard” plan subscription level and above without further charge.

At this point, API keys are provided on demand. Send an email to <api@tallyfi.com> and, as long as you have an active subscription, we’ll enable a key for you.

API keys are tied to individual user accounts and carry the same permission rules and constraints that apply to that user. For instance, if your planned application only requires read-only access, you can create a new user account via the ‘invite additional users’ link on the settings dashboard, and indicate view-only access. When an API key is generated for that account, it will only support read-only access.

Whether read or read+write, all of our public API endpoints are intended to be used from the server side, rather than the client side (browser). Ensure that your API keys are not shared publicly, as that would allow access to arbitrary live and historical data.

As a helpful measure, once API access is enabled and you are signed into the associated user account, you can visit the API dashboard and review the top-level entities which the API key provides access to.

Supplying Credentials

All of the endpoints described in this document support passing the API key as a GET or POST parameter or as an HTTP header entry:

  • e.g. as GET parameter, where API key is ‘123456789’

    GET /api/1.0/example?apikey=123456789 HTTP/1.1
    
  • e.g. as header key, where API key is ‘123456789’

    GET /api/1.0/example HTTP/1.1
    apikey: 123456789
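
An added example, not part of the original documentation: server-side Python that reads the key from an environment variable, sends it in the apikey header (URLs, unlike headers, are routinely written to access and proxy logs), and masks any apikey parameter in a URL before it is logged. The host api.example.invalid and the variable name TALLYFI_API_KEY are assumptions, not values from this document.

```python
import os
import urllib.request
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

BASE_URL = "https://api.example.invalid"  # placeholder host (assumption, not from the docs)
KEY_ENV_VAR = "TALLYFI_API_KEY"           # hypothetical environment variable name


def load_api_key(env=os.environ):
    """Read the key from the server's environment so it never sits in source control."""
    key = env.get(KEY_ENV_VAR, "").strip()
    if not key:
        raise RuntimeError(f"{KEY_ENV_VAR} is not set")
    return key


def build_request(path, api_key, params=None):
    """Build a GET request with the key in the 'apikey' header, not in the URL."""
    if params and any(k.lower() == "apikey" for k in params):
        raise ValueError("pass the key via the header, not as a query parameter")
    url = BASE_URL + path
    if params:
        url += "?" + urlencode(params)
    return urllib.request.Request(url, headers={"apikey": api_key}, method="GET")


def redact_url(url):
    """Mask any apikey query parameter before a URL is written to a log."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k.lower() == "apikey" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


if __name__ == "__main__":
    # Constructed sample key, the same placeholder value used in the examples above.
    req = build_request("/api/1.0/example", load_api_key({KEY_ENV_VAR: "123456789"}))
    print(req.full_url, dict(req.header_items()))
    print(redact_url(BASE_URL + "/api/1.0/example?apikey=123456789&page=2"))
```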