Dexero FD’s API (application programming interface) uses URI paths to give access to resources (data).

To use the REST API, your application will make an HTTP request, then decode the response.

The default response format is XML. If desired, you can request JSON instead of XML.

Dexero FD’s API has the following features:
  • Recovery of a list of files;
  • File creation;
  • File modification;
  • Search.
Dexero FD’s API is under version control. The API version number appears in its URI. For example, use this structure to request version 2 of the Dexero FD API:

About the API:

  • Latest version : 6
  • Security : SSL

Ex. :

  • The API version number is a whole number, like 1 or 2.
  • The API version is separate from the stated Dexero FD version number.
  • The API version number may change if the Dexero FD version number changes.
  • The API version number will only change when its updates breach the API contract, requiring modifications to the API’s code.
  • An addition to the API will not necessarily change its version number.

Authentication and authorization

Authentication allows your application to read and write data using the API. Dexero FD uses OAuth 2.0 for authentication and authorization.
OAuth 2.0 requires HTTPS.

OAuth 2.0 is a protocol that allows partners and applications to interact with Dexero FD. The main goal of having OAuth 2.0 support is to allow developers to interact with Dexero FD without storing sensitive information. It also allows users to manage their own connections.

If you aren’t familiar with the OAuth protocol, you can learn more on their website.

If you are familiar with OAuth 2.0, you just need to know the token endpoint.

Before starting to develop an application with Dexero FD, you’ll need a client number and secret key. The number and secret key will authenticate your request and ensure that the calls being made are valid.


Depending on how they’re used, credentials can provide access to a large amount of data. The more applications that use the same credentials, the higher the risk of a security breach. It’s extremely important that the credentials used to authenticate the client be kept extremely confidential. Ideally, these credentials should be renewed regularly.

Exchanging application credentials for an access token

The application must request an access token from the authorization server to authenticate the request with its client credentials.

POST settings

client_id: The value given to you when you register your request.
client_secret: The value given to you when you register your request.
grant_type: client_credentials

Receiving a PHP access token

$credentials = "your_client_id:your_client_secret";
$curl = curl_init( "" );
curl_setopt( $curl, CURLOPT_POST, true );
curl_setopt( $curl, CURLOPT_POSTFIELDS, 'scope=read&grant_type=client_credentials');
curl_setopt( $curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt( $curl, CURLOPT_HTTPHEADER, array( 'Authorization: Basic ' . base64_encode($credentials) ) );
$auth = curl_exec( $curl );
$secret = json_decode($auth);
$access_key = $secret->access_token;