There are multiple token types that you will encounter. This page covers when each token should be used, how to acquire them, and other information related to authorization.

The types of API tokens are:

  • Partner Token
  • Firm Token
  • Payment Session Token
  • Onboarding Token

To use an API token, add it to your request as the x-api-key header.

Our API tokens are prefixed with some human readable information. For example, a Partner Token may start with p_secret_sandbox_. The p indicates it’s a Partner Token, secret indicates it’s a secret and should be treated as one, and sandbox indicates that this is for the sandbox environment.

Partner Token

Partner tokens are generated through the Confido Legal partner portal under settings.

If you do not have a partner account, please reach out to and we will get you set up.

Partner tokens should never be shared with the frontend. Keep them secured on your server.

The primary use of a Partner Token is to create Firms and Firm Tokens. Below is an example partner token.

p_secret_sandbox_85f5a425**************afb6b1a6

Firm Token

Firm tokens are generated with the createFirmApiToken mutation or the createFirm mutation. This request can be made using a Partner API Token.

Firm tokens should never be shared with the frontend. Keep them secured on your server.

Firm tokens are used for most requests to the Confido Legal API. Some common examples are addPaymentLink, addClient, and addMatter. They are also used to create Payment Session Tokens for hosted fields. Below is an example firm token.

f_secret_sandbox_92828393***************assdj3

Payment Session Token

Payment Session Tokens are generated with the createPaymentToken mutation. This request can only be made with a Firm API token.

Payment Session Tokens are a one time use token that should be used to initialize the Confido Legal javascript SDK on your frontend. These tokens are meant to be shared with your frontend code.

pay_public_sandbox_31319asd**********123alskdow

For more about Payment Sessions see the hosted fields section.

Onboarding Token

Onboarding Tokens are generated with the createOnboardingToken mutation. This request can only be made with a Firm API token.

Onboarding Tokens are short term tokens that should be used to initialize the Confido Legal javascript SDK on your frontend. These tokens are meant to be shared with your frontend code.

onboarding_public_sandbox_31319asd**********123alskdow

For more about Onboarding see the hosted fields section.