ADM API
Futrou ADM API exposes our internal systems via a standardized programmatic interface. It's publicly avaiable to all our customers and allows you to build your own applications on top of it or automate specific tasks. This API interface is also used by our control panel on app.futrou.com.
The Futrou ADM API is based on HTTPS requests and JSON responses. Other formats such as XML or graphQL are not supported.
Getting started
The current stable base URL of latest API version is:
https://adm_api.futrou.com
The API is accessed by making HTTPS requests to a specific endpoint URL by GET, POST, PUT, or DELETE method. Each endpoint can be accessed only via the TLS-enabled HTTPS (port 443) protocol.
Requests
All requests must be sent over HTTPS and formatted in JSON.
The Content-Type:application/json and X-Requested-With:FUTROU_ADM headers are required.
Cross-Origin Resource Sharing
The API implements Cross-Origin Resource Sharing (CORS) policies. The Access-Control-Allow-Origin header is set to one of these hosts based on request Origin header.
https://futrou.com
https://app.futrou.com
https://help.futrou.com
https://adm_api.futrou.com
http://localhost:3000 -- Allowed for development purposes
Due to this security limitation the API can be used only by your internal application. The javascript CORS request will be blocked by the most of current modern web browsers with enabled web-security policies.
Ways of Authentication
The most of the API endpoints requires authentication to associate request with user account. The ADM API offers these two forms of authentication:
- API Token
- Session Token
Authentication
- API Key
- Session Token
API Key authentication method is recommended for automation. This authentication method requires secret API token to be sent in Authorization header just after Bearer word followed by space.
Example: Authorization: Bearer <API TOKEN>
The secret token can be generated on Settings page of your account on app.futrou.com. The lifetime of API TOKEN is not limited. It's necessary to regenerate or delete API TOKEN after possible disclosure.
| Security Scheme Type: | http |
|---|---|
| HTTP Authorization Scheme: | bearer |
| Bearer format: | JWT |
Session Token authentication method is mostly used by our web clients. This authentication method requires secret token to be sent in Cookie header. The name of cookie with secret token has to be FUTROU_ADM.
Example: Cookie: FUTROU_ADM=FADM-SID-MTgyRDY3mjRFNDBFNUI3RTfDRTM4OEVCQjA5MkUxQ0VfdzFFN0I4NDN3E
The secret token can be obtained from Set-Cookie header returned by /auth/login endpoint.
Example: FUTROU_ADM=FADM-SID-MTgyRDY3mjRFNDBFNUI3RTfDRTM4OEVCQjA5MkUxQ0VfdzFFN0I4NDN3E; path=/; domain=adm_api.futrou.com; secure; httponly; samesite=none; priority=High
This authentication method is not recommended for automation due to its limited lifetime and other limitations.
| Security Scheme Type: | apiKey |
|---|---|
| Header parameter name: | FUTROU_ADM |