API Authentication Q&A

Currently, Filevine uses personal access tokens (PAT). Read more about PAT.

No. The client ID and secret are highly sensitive and should be treated like a password. Anyone using a client ID or secret for an existing integration should be prepared to update their code with a new client ID/secret upon expiration. 

Client Secrets expire after a year by default. They can be replaced by the customer at any time. For Certified Partners, Filevine provides the new secrets directly to Certified Partners when replacements are needed.

If you would like to generate a new secret before expiration, you can do so in the Account Manager, in Access Token > Client Secrets. Read Authenticate Requests to the API Gateway to more details.

Our recommendation is to use a Service Account, which can be found in the Service Accounts Advanced tool. (Click Main Menu > Advanced > Service Accounts.)

If you're creating your own integration using the Personal Access Token method, you can create a service account and select "Adhoc" in the dropdown. Use the following Support article that outlines how to use the Integrations and Service Accounts Advanced tools: https://support.filevine.com/hc/en-us/articles/30444924078747-Enable-a-Certified-Partner-Integration

There are a number of reasons for getting an invalid client error.

First, check to make sure your client ID and secret are still valid in the Client Secret tab of the Access Tokens section in Account Manager.

Second, ensure you are hitting the right Filevine Identity Endpoint. (Please refer to our API documentation to confirm these URLs.)

• US: https://identity.filevine.com/connect/token
• CA: https://identity.filevine.ca/connect/token

Third, you may need to encode your client_Id in your request. You will find cURL sample below with the "data-urlencode" tag:

```curl --request POST \

  --url https://identity.filevine.com/connect/token \

  --header 'Accept: application/json' \

  --header 'Content-Type: application/x-www-form-urlencoded' \

  --data client_id=ID \

  --data-urlencode "client_secret=SECRET" \

  --data grant_type=personal_access_token \

  --data 'scope=fv.api.gateway.access tenant filevine.v2.api.* email openid fv.auth.tenant.read fv.vitals.api.* fv.payments.api.all filevine.v2.webhooks' \

  --data token=TOKEN```

Note: Check the documentation on your programming language or tool on how to encode strings.

Filevine no longer supports anonymous IP addresses. VPNs such as NordVPN, Express VPN, and SurfShark may use anonymous IP addresses. The Filevine cloud firewall flags these anonymous IPs as malicious access attempts to Filevine. In 2024, Filevine has taken more aggressive measures to flag anonymous IP addresses as a proactive security enhancement.

Many VPN products can offer a better experience to allow an individual to be identified as legitimate without affecting products like Filevine. We recommend using an established enterprise-grade VPN or using an anonymous VPN service that provides a static IP address. Please see your VPN provider’s documentation for more guidance on how to do this.

If your organization utilizes an anonymous VPN with a static IP address, please reach out to Filevine Support and provide the IP address so that our team can add the address to our authorized-IP list.

Note: As of December 2024, we are working on updating our firewall settings to permit anonymized IPs. This is expected Q1 of 2025.