Skip to content



apifew core task is to grant/check end-users licenses, and when applicable, register usage.

Standalone applications and SaaS can request apifew to check if a given user has been assigned a license. It is done by requesting apifew's API.

APIs applications can also check user rights to request and register requests usage, with 3 different methods.

License check

An application can request apifew's API to check if a given user has be assigned with a valid license.

endpoint:   POST
body:       {
                "APIFEW_KEY":       "12345678-aaaa-bbbb-cccc-1234567890abcdef",
                "LICENSE_KEY":      "12345678-aaaa-bbbb-cccc-1234567890abcdef",
response:   Result object {
                "license_ok":       true,
                "username":         "",
                "alias_uid":        "ABCDEF1234567890"

API endpoints

Three different ways are available to serve request from end-user.

Description Request server Pros Cons
apifew's gateway simple for end-user/provider not suitable for heavy workloads
token API provider suitable for any workload more work on integration
request stamp API provider simple for end-user end-user must trust provider

apifew's gateway

It is the most straighforward. End-user requests via apifew and gets results back in a Result object. There is only 1 change vs a direct API call: request is packaged as an RPC:

endpoint:   <METHOD>
headers:    'Apifew-User-License-Key': '12345678-aaaa-bbbb-cccc-1234567890abcdef'
body:       {
                "APP_NAME":         "",
                "ROUTE":            "/a/route",
                "METHOD":           "GET",
                ?"PARAMS":           {
                                        "param1":   "value1",
                                        "param2":   "value2"
                ?"HEADERS":          {
                                        "x-api-key":    "a_secret_key"
                ?"RESPONSE_AS_RESULT" true
response:   Result object (or raw response) Response from API (if RESPONSE_AS_RESULT is true)


Few cases disfavor apifew's gateway option: requests involve heavy load such as picture/video or PDF files, or highly sensitive/regulated data.
In such case, API consumer needs to directly request your API.

With 'token' mode, API consumer first request a one-usage-only token to apifew, and will pass this token as header 'Apifew-Request-Token' when requesting to your API.

Step 1: consumer requests apifew for token
endpoint:   POST
body:       { 
                "USER_LICENSE_KEY": "12345678-aaaa-bbbb-cccc-1234567890abcdef",
                "API_URL":          "",
                "API_METHOD":       "GET"
response:   Result object {
                "token":            "12345678-aaaa-bbbb-cccc-1234567890abcdef"
Step 2: consumer requests API directly, with token
endpoint:   <METHOD>
headers:    'Apifew-Request-Token': '12345678-aaaa-bbbb-cccc-1234567890abcdef'
params/body:<PARAMS OR BODY>
Step 3: API provider consumes token and set request status
endpoint:   POST
headers:    'Apifew-App-Secret-Key': '12345678-aaaa-bbbb-cccc-1234567890abcdef'
body:       {
                "TOKEN":            "12345678-aaaa-bbbb-cccc-1234567890abcdef",
                "REQUEST_STATUS_CODE": 200,
    optional    "SHOW_PRICING":     true    
response:   Result object {
                "app_name":         "",
                "token":            "12345678-aaaa-bbbb-cccc-1234567890abcdef",
                "consumed":         true,
                "pricing":          "main"


Note that if REQUEST_STATUS_CODE differs from 200, no fee will be charged

(optional) Step 4: consumer confirms request status

To be implemented

request stamp

This last option enables API provider to stamp request once processed