A
ARXDevelopers
Quickstart

Build your first integration

Go from zero to your first authenticated API call. The flow is OAuth 2.0 authorization code with PKCE.

1

Register an app

Create an app to get a client_id. Choose Confidential for a server-side app (you also get a client_secret) or Public for an SPA / mobile / CLI that uses PKCE only. Add your redirect URI and request the scopes you need.

Create an app
2

Generate a PKCE verifier & challenge

PKCE protects the authorization code in transit. Generate a random code_verifier and derive the code_challenge from its SHA-256.

# 1. Create a high-entropy verifier code_verifier=$(openssl rand -base64 64 | tr -d '\n=+/' | cut -c1-64) # 2. Derive the challenge (base64url of its SHA-256) code_challenge=$(printf "%s" "$code_verifier" \ | openssl dgst -sha256 -binary \ | openssl base64 | tr '+/' '-_' | tr -d '=')
3

Send the user to authorize

Redirect the founder to the authorize endpoint with your client_id, redirect URI, scopes, a random state, and the challenge. They approve the scopes; Arx redirects back with a ?code=.

https://api.foundersarx.com/oauth/authorize ?response_type=code &client_id=YOUR_CLIENT_ID &redirect_uri=https://your-app.com/oauth/callback &scope=company:read%20captable:read &state=RANDOM_STATE &code_challenge=BASE64URL_SHA256_OF_VERIFIER &code_challenge_method=S256
4

Exchange the code for tokens

POST the code plus your code_verifier to the token endpoint. Confidential apps also send the client_secret. You get an access_token (and a refresh_token if you requested offline_access).

curl -X POST https://api.foundersarx.com/oauth/token \ -H "Content-Type: application/x-www-form-urlencoded" \ -d grant_type=authorization_code \ -d code=THE_CODE_FROM_REDIRECT \ -d redirect_uri=https://your-app.com/oauth/callback \ -d client_id=YOUR_CLIENT_ID \ -d client_secret=YOUR_CLIENT_SECRET \ -d code_verifier=$code_verifier
5

Call the API

Send the access token as a bearer token. Pick the workspace with the x-arx-company header. Here we read the cap table.

curl https://api.foundersarx.com/api/v1/cap-table \ -H "Authorization: Bearer ACCESS_TOKEN" \ -H "x-arx-company: COMPANY_ID"

That’s it — you’re integrated. Explore every endpoint in the reference.

Open the API reference
Prefer server-to-server automation without a user present? Create an API key from your app’s API keys tab and send it as a bearer token instead of running the OAuth flow.