Skip to main content

Authorization

Follow this guide to create a new AppFigures credential that will allow Nexla to authenticate to and exchange data with your AppFigures account.
appfigures_api_auth.png

AppFigures

Prerequisites

The Nexla AppFigures connector authenticates using a 3-legged OAuth 2.0 flow. You will need an AppFigures account with a registered API client to obtain the Client ID and Client Secret required by the credential overlay. All API requests are sent over HTTPS to https://api.appfigures.com/v2/.

Register an AppFigures API Client

  1. Sign in to your AppFigures account at appfigures.com.

  2. Navigate to the API Clients page at appfigures.com/developers/keys. This page is the central place to register and manage OAuth 2.0 clients tied to your account.

  3. Click Create a new API Client (or New Client) to open the client registration form.

  4. Provide the requested details for the new client:

    • Name: Enter a descriptive name for the client (for example, Nexla Integration). This name is shown on the AppFigures consent screen during authorization.

    • Description: Optionally enter a short description of how the client will be used.

    • Redirect URI: Set this to the Nexla OAuth callback URL displayed in the Nexla credential overlay. The redirect URI registered with AppFigures must exactly match the URI Nexla uses during the authorization flow.

  5. Select the permissions (scopes) that the client requires. Scopes follow the {resource}:{access} format (for example, public:read, private:read, account:read). The Nexla connector default scope set is public:read,private:read,account:read, which grants read access to public app data, your own private app data, and account-level metadata. For complete information about AppFigures scopes, see the AppFigures scopes reference.

    Select only the scopes that are required for the data your flows will read. Account administrators can revoke a client's authorization at any time from appfigures.com/account/clients.

  6. Submit the form to create the client. AppFigures issues a Client Key (also referred to as client_id) and a Client Secret (also referred to as client_secret). Copy both values immediately and store them in a secure secret manager — the Client Secret is shown only at creation time and cannot be retrieved later.

Important

The Client Secret grants access to AppFigures data on behalf of any user who has authorized your client. Treat it like a password — never commit it to source control, and rotate it immediately if you suspect it has been exposed.

For complete information about the OAuth 2.0 flow and endpoints used by AppFigures, see the AppFigures OAuth 2.0 documentation and the broader AppFigures API documentation.

Create an AppFigures Credential

  • To create a new AppFigures credential, after selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.

Credential Name & Description

  1. Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.

    Resource descriptions are recommended but are not required. They should be used to provide information about the resource purpose, data freshness, etc. that can help the owner and other users efficiently understand and utilize the resource.

OAuth 2.0 Authentication

AppFigures uses a 3-legged OAuth 2.0 authorization-code flow. After you supply the client credentials, Nexla redirects you to AppFigures to sign in and approve the requested scopes, then exchanges the returned authorization code for an access token and refresh token, which are stored on the credential.

  1. Confirm that the Authorization URL field is set to https://api.appfigures.com/v2/oauth2/authorize. This is the default value and should not be changed unless AppFigures has issued updated guidance.

  2. Enter the Client Key issued by AppFigures for your registered API client in the Client ID field. This identifier is shown on the AppFigures API Clients page after the client is created.

  3. Confirm that the Access Scope field is set to the scopes you selected when registering the API client. The default is public:read,private:read,account:read. Scopes are comma-separated and must match (or be a subset of) the scopes enabled on the client. For complete information, see the AppFigures scopes reference.

  4. Confirm that the Token URL field is set to https://api.appfigures.com/v2/oauth2/access_token. This is the default value and should not be changed unless AppFigures has issued updated guidance.

  5. Enter the Client Secret issued by AppFigures for your registered API client in the Client Secret field. This value is shown only once at client creation time and is treated as a secret.

  6. Click Authorize to launch the AppFigures consent screen. Sign in to the AppFigures account that will be connected, and approve the requested scopes for your client. AppFigures redirects back to Nexla with an authorization code, and Nexla automatically exchanges the code for an access token and refresh token at the Token URL. The resulting tokens are stored on the credential and will be refreshed automatically by Nexla as needed.

    Authorized clients can be reviewed and revoked at any time at appfigures.com/account/clients. Revoking the authorization in AppFigures will invalidate the stored tokens in Nexla, and the credential will need to be re-authorized.

Save the Credential

  1. Once all of the relevant steps in the above sections have been completed, click the Save button at the bottom of the overlay to save the configured credential.

  2. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.