Florality
FeaturesPricingSecurityFAQAbout
Sign upSign in
Public REST APIv1

REST reference & guides

Public REST APIv1

REST reference & guides

Get started

  • Overview
  • Authentication
  • Scopes
  • Errors

API reference

  • Members
  • Groups
  • Entries
  • Front
  • Appearance
  • Custom fields
  • Trash
  • Search
  • Member statuses
  • Systems
  • Messaging
  • Privacy buckets
  • Terminology
  • Friends
  • Subscriptions
  • Billing
  • Import
  • Social
  • Guestbook & poll
  • Group layout
  • Activity
  1. Documentation
  2. Authentication
API keys
Florality

Organise your system. One front at a time.

Get startedSign in

Product

  • Features
  • Pricing
  • Public REST API
  • Security

Company

  • About
  • Our team
  • Changelog
  • Contact

Resources

  • FAQ
  • Trust & Safety
  • Privacy Policy
  • Terms of Service
  • Refunds and cancellation

© 2026 Florality. All rights reserved.

Privacy·Terms·

Authentication

Every /api/v1 request must send a valid API key in the Authorization header. Browser session cookies are not used for these routes.

Bearer token

HTTP
Authorization: Bearer <token>

Each route validates the key and required scopes before running handler logic.

When authentication fails

Invalid or missing Authorization on JSON routes returns 401 with the standard error object (see Errors).

401

JSON
{
  "code": "UNAUTHORIZED",
  "message": "Missing or invalid API key. Use Authorization: Bearer <token>."
}

Token format

Tokens are opaque strings:

Plain text
flv1_<lookup-uuid>_<secret>

The full value is shown once when you create or rotate a key. The dashboard lists a masked prefix (for example flv1_550e8400…).