Fortress uses Auth0 for secure access and authentication to our APIs. Calling the Auth0 API with the Fortress tenant returns a bearer token to be used on all subsequent calls. The response includes a timestamp that tells you how long the bearer token is valid before you need to obtain a new one.

The following is the call needed to obtain your bearer token:

POST {auth0_url}/oauth/token

{
  "grant_type": "password",
  "client_id": "{{client-id}}",
  "audience": "",
  "username": "{{org-email}}", // Email used to initially set up your organization
  "password": "{{org-password}}", // Password provided by Fortress for Integrator
  "scope": "offline_access"
}

Speak to your Solutions Engineer about acquiring your organization's specific credentials for the above call.

Read Only API Users

Read Only API Users can now be created and linked to an existing Organization. The Read Only API Key can only perform GET requests to your existing identities, accounts, transactions, etc.


  1. Obtain a Bearer token for your current organization, and make the readonly API call:
POST /api/organization/v1/current-organization/readonly (Current Organization Auth Needed)

// Sample Request Schema
{
  "email": "string" // needs to be a unique email
}

// Response
{
    "id": "{{returned UUID}}",
    "name": "{{Name of your Org}}",
    "phone": "{{Phone number tied to your Org}}",
    "email": "{{Email associated with your current Org}}",
    "readonlyEmail": "{{Email from the request body}}", // Read only user's "username"
    "readonlyPassword": "{{Password generated for your read only user}}" // Read only user's "password"
}
  2. Pass along the readonlyEmail and readonlyPassword to your read only API user, as well as the other values you use for obtaining your master API's bearer token (client_id, audience, grant_type).
  3. As the read only API user, obtain your bearer token from the auth endpoint, just as your master API user would:
POST {auth0_url}/oauth/token

{
    "grant_type": "password",
    "username": "{{readonlyEmail}}",
    "password": "{{readonlyPassword}}",
    "audience": "{{audience}}",
    "client_id": "{{client_id}}"
}
  4. With your read only API bearer token, you can now make GET calls to pull information from the Master API's Organization.
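The token handling described above, for both the master and the read only user, as an added example that is not Fortress's own code: it reuses a bearer token until shortly before it expires and refuses non-GET calls on the read only side before they are sent. It assumes the token response carries Auth0's standard `access_token` and `expires_in` fields; `post` and `send` are hypothetical transport callables, and every hostname, path and credential in `demo()` is constructed.

```python
import time

class TokenCache:
    """Fetches a bearer token with the password grant and reuses it until near expiry."""

    def __init__(self, post, auth0_url, client_id, audience, username, password,
                 scope=None, clock=time.time, skew=60):
        self.post, self.clock, self.skew = post, clock, skew
        self.url = f"{auth0_url}/oauth/token"
        self.body = {"grant_type": "password", "client_id": client_id,
                     "audience": audience, "username": username, "password": password}
        if scope:  # the master call on this page sends "offline_access"
            self.body["scope"] = scope
        self.token, self.expires_at = None, 0.0

    def bearer(self):
        # Refresh `skew` seconds early so a token never expires mid-request.
        if self.token is None or self.clock() >= self.expires_at - self.skew:
            resp = self.post(self.url, self.body)
            # Assumption: Auth0's standard response fields.
            self.token = resp["access_token"]
            self.expires_at = self.clock() + int(resp["expires_in"])
        return self.token

class ReadOnlyClient:
    """Client-side guard for the read only user: reject anything but GET locally."""

    def __init__(self, tokens, send):
        self.tokens, self.send = tokens, send

    def request(self, method, path):
        if method.upper() != "GET":
            raise PermissionError(f"read only API user may not send {method} {path}")
        headers = {"Authorization": f"Bearer {self.tokens.bearer()}"}
        return self.send(method.upper(), path, headers)

def demo():
    """Runs offline against constructed stand-ins for the auth endpoint and the API."""
    now, calls = [1000.0], []
    def fake_post(url, body):
        calls.append(url)
        return {"access_token": f"constructed-token-{len(calls)}", "expires_in": 3600}
    tokens = TokenCache(fake_post, "https://auth0.example", "constructed-client-id",
                        "constructed-audience", "readonly@example.com",
                        "constructed-password", clock=lambda: now[0])
    client = ReadOnlyClient(tokens, lambda method, path, headers: headers["Authorization"])
    first = client.request("GET", "/constructed/path")
    now[0] += 3550  # now inside the 60-second refresh window
    second = client.request("get", "/constructed/path")
    return first, second, len(calls)
```

In a real integration, load the username and password from a secret store or environment variables rather than source code, since the password grant sends them on every token request.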
