All Collections
For Developers
How to use Formaloo API Keys in Formaloo API
How to use Formaloo API Keys in Formaloo API

Learn to use Formaloo API Keys. Obtain API Key, Secret Key, get Authorization Tokens, and call APIs seamlessly.

Updated over a week ago

Formaloo will grant you your own API key token and secrets to either write your own APIs with them or use them on any available SDK written on Formaloo.

In order to write your own custom API, you will need to follow these steps:

1- Obtain your API Key and Secret Key from Formaloo.

2- Use the Secret Key to obtain the expirable Authorization Tokens.

3- Use the API Key and Authorization Token to call your desired API.

We will describe each step with examples in the following parts:

API keys

Click on “Formaloo”, then you’ll see your API keys

1. Obtain the tokens

In order to obtain the API Key and Secret Key, you should visit, go to the Connections tab, select the Formaloo Integration, and in the integration page, copy the API Key and Secret Key. (Note: The write-only key is for rare occasions where you want to create a mobile application that writes data on behalf of you. In almost all normal scenarios, you won’t need it.)

API Key: This key is used to identify your application and the integration you’re using. You have to include it in all requests, with the header x-api-key.

Secret Key: You will need this key to acquire the Authorization Tokens, sent in all requests. Please note that the Authorization Token has a short lifetime and will be expired after 30 seconds, but the Secret Key will not be expired and can be used to acquire as many Authorization Tokens as you want.

2. Get Authorization Token

The next step is to use your Secret Key to acquire an Authorization Token. In order to do so, you have to simply send a post requests to the following endpoint:

Your request should contain this header and body:


Authorization = Basic {Secret Key}

Body (form-data):


Example (cURL)

curl '' \\ --header 'Authorization: Basic {Secret Key}' \\ --form 'grant_type="client_credentials"'

Example (Python)

import requests url = "" payload={'grant_type': 'client_credentials'} headers = { 'Authorization': f'Basic {secret_key}' } response = url, headers=headers, data=payload ) if response.status==200: authorization_token = response.json().get('authorization_token')


{ "authorization_token": "{Authorization Token}" }

If your Secret Key is valid and you’re sending the request properly, you will receive an Authorization Token in the response, which you can use to call the API before it expires and needs to be refreshed.

3. Call Formaloo’s API

In this step, you have a valid API Key and an active Authorization Token. All you need to do now is to include each in the proper header to authenticate your API call:


Authorization = JWT {Authorization Token} x-api-key = {API Key}

Please note that all the APIs (except the authorization API) need the x-api-key header, while some (e.g. submitting a form) don’t need the Authorization header. Refer to the API documentation to see which endpoints don’t need the Authorization header.

Request Example (cURL):

curl '' \\ --header 'x-api-key: {API Key}' \\ --header 'Authorization: JWT {Authorization Token}'

Request Example (Python):

import requests url = "" headers = { 'x-api-key': f'{api_key}', 'Authorization': f'JWT {authorization_token}' } response = requests.get( url, headers=headers )

Did this answer your question?