Authentication

All API endpoints (except /register) require authentication via an API key.

Obtaining an API Key

Register your Fleet Management Organization (FMO) via the POST /register endpoint. You'll receive an API key that starts with qfx_. This key is shown once — store it securely.

Using Your API Key

Include the key in the Authorization header as a Bearer token:

bash

curl -H "Authorization: Bearer qfx_your_api_key_here" \
  https://app.quotefox.au/api/v1/dealers

Key Security

API keys are stored as SHA-256 hashes — we never store the plaintext key
If your key is compromised, contact support for a replacement
Do not embed keys in client-side code or public repositories
Use environment variables to manage keys in your applications

Authentication Errors

If your key is missing, invalid, or deactivated:

json

{
  "error": {
    "code": "INVALID_API_KEY",
    "message": "The provided API key is invalid or inactive.",
    "status": 401
  }
}

Authentication ​

Obtaining an API Key ​

Using Your API Key ​

Key Security ​

Authentication Errors ​

Authentication

Obtaining an API Key

Using Your API Key

Key Security

Authentication Errors