API

Overview

We have two sets of APIs, each optimised for its purpose. To gain authorised access, please follow the authentication mechanism below.

REST API

Use our REST API to query and post transactional data.

REST API Documentation

You can also register webhooks to receive notifications of events, such as client creation, allowing you to respond accordingly.

Webhooks Documentation

GraphQL

Use our GraphQL API to query financial and management report data.

GraphQL Documentation

Authentication

To securely access the Efimis API, applications must authenticate using the OAuth 2.0 client credentials flow.

The Client ID and Client Secret are issued by Efimis, authorizing an application to access the API.

The tenant must also enable the application in the settings area to grant it access to the tenant’s data.

See Authentication Guide for details on OAuth 2.0 flows and making authenticated requests.

Making an Authenticated API Request

To call the API, include the access_token as a Bearer token in the Authorization header of every API request.

Example Request (C#)

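```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;

// Placeholder: the access token returned by the OAuth 2.0 flow.
var accessToken = "OAUTH_ACCESS_TOKEN";

var client = new HttpClient() {
    // The trailing slash keeps the [tenant] segment when relative URIs are resolved.
    BaseAddress = new Uri("https://api.alpha.lfms.dev/[tenant]/")
};
var headers = client.DefaultRequestHeaders;
// The scheme is "Bearer"; HttpClient emits "Authorization: Bearer <token>".
headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

async Task<T> Send<T>(HttpRequestMessage request, Func<JsonDocument, T> getResult)
{
    using var response = await client.SendAsync(request);
    if (!response.IsSuccessStatusCode)
    {
        // Surface the status code and the error body returned by the API.
        var error = await response.Content.ReadAsStringAsync();
        throw new Exception($"{(int)response.StatusCode}: {error}");
    }
    using var content = await response.Content.ReadAsStreamAsync();
    using var doc = await JsonDocument.ParseAsync(content);
    return getResult(doc);
}

var request = new HttpRequestMessage(HttpMethod.Get, "v1/resources");
var id = await Send(request, result => {
    // Do something with the JSON response
    var data = result.RootElement.GetProperty("data");
    return data.GetProperty("id").GetString();
});
Console.WriteLine(id);
```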

Security Best Practices

  • Store credentials securely: Never expose Client IDs, Secrets, API Keys, or Tokens in frontend code.
  • Use HTTPS: Always send authentication requests over a secure connection.
  • Implement Least Privilege: Only request the scopes your application needs.
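
The client credentials flow from the Authentication section, written to follow the three practices above, as an added example that is not Efimis code. The environment variable names, the token endpoint and the scope value are placeholders (take the real ones from the Authentication Guide), and sending the credentials in the form body is an assumption about the server.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;

// Secrets are read from the server-side environment, never from source or frontend code.
static string RequireEnv(string name) =>
    Environment.GetEnvironmentVariable(name)
    ?? throw new InvalidOperationException($"Missing environment variable {name}");

var clientId = RequireEnv("EFIMIS_CLIENT_ID");         // assumed variable name
var clientSecret = RequireEnv("EFIMIS_CLIENT_SECRET"); // assumed variable name
// Assumed variable name; the real token URL comes from the Authentication Guide.
var tokenEndpoint = new Uri(RequireEnv("EFIMIS_TOKEN_ENDPOINT"));
var scope = "REPLACE_WITH_REQUIRED_SCOPE"; // placeholder: only the scope the app needs
// Refuse to send the client secret over anything but TLS.
if (tokenEndpoint.Scheme != Uri.UriSchemeHttps)
    throw new InvalidOperationException("Token endpoint must use HTTPS");

using var http = new HttpClient();

async Task<(string Token, DateTimeOffset RefreshAt)> RequestTokenAsync()
{
    // Assumption: credentials go in the form body; some servers require HTTP Basic instead.
    var form = new Dictionary<string, string>
    {
        ["grant_type"] = "client_credentials", ["scope"] = scope,
        ["client_id"] = clientId, ["client_secret"] = clientSecret,
    };
    using var response = await http.PostAsync(tokenEndpoint, new FormUrlEncodedContent(form));
    // Report only the status code so that response bodies and secrets stay out of logs.
    if (!response.IsSuccessStatusCode)
        throw new HttpRequestException($"Token request failed with status {(int)response.StatusCode}");
    using var body = await response.Content.ReadAsStreamAsync();
    using var doc = await JsonDocument.ParseAsync(body);
    var token = doc.RootElement.GetProperty("access_token").GetString()
        ?? throw new InvalidOperationException("Response has no access_token");
    // expires_in is optional in RFC 6749; fall back to a short lifetime when it is absent.
    var seconds = doc.RootElement.TryGetProperty("expires_in", out var e) ? e.GetInt32() : 300;
    return (token, DateTimeOffset.UtcNow.AddSeconds(Math.Max(seconds - 30, 0)));
}

var (accessToken, refreshAt) = await RequestTokenAsync();
http.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
Console.WriteLine($"Token acquired; request a new one after {refreshAt:O}");
```

The token itself is never printed; only the time at which the application should request a replacement is logged.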

Reach out to us at connections@efimis.com to get access to your own free sandbox environment and a developer key.