{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"9e8c65ee-1f9a-4d10-b7f6-e9f58080f903","name":"Internet Protection 2026 - API","description":"Welcome to the **Internet Protection 2026 API** documentation.\n\nThis API powers the Internet Protection 2026 web configuration portal and is also available for customers who wish to integrate portal's functionalities directly into their own systems or automation tools.\n\n---\n\n## 🧭 Overview\n\nThe Internet Protection 2026 API provides full access to all the functionalities already available in the web configuration portal.\n\nIn general, the API always mirrors the features and capabilities of the frontend application — anything that can be done through the web panel can also be achieved programmatically via the API.\n\nThe API is organized around **four main domains**, each corresponding to a key functional area of the system.\n\n### 1\\. **Authentication**\n\nHandles user authentication and authorization operations.\n\n**Main features:**\n\n- Register a new organization and its initial admin user\n    \n- Log in, log out, and refresh access tokens\n    \n- Verify user permissions to perform actions within a specific organization context\n    \n\n### 2\\. **Organization**\n\nManages organizations, sub-organizations, and their members.\n\n**Main features:**\n\n- List organization hierarchies and children\n    \n- Manage organization members (CRUD operations)\n    \n- Retrieve organization information\n    \n\n> Each organization can have multiple users (members) who access and manage its web panel. \n  \n\n### 3\\. **Network**\n\nHandles network-related operations and associations with policies.\n\n**Main features:**\n\n- Create, edit, and delete networks\n    \n- Validate new networks according to business logic rules\n    \n- Associate networks with existing protection policies\n    \n\n> The network endpoints perform validation checks to ensure that the requested configurations comply with Internet Protection's internal consistency rules. \n  \n\n### 4\\. **Protection**\n\nManages all protection configurations and policies.\n\n**Main features:**\n\n- Create and manage protection policies\n    \n- Block and allow categories on policies\n    \n- Add, update, or delete exceptions and associate those with policies\n    \n- Retrieve lists of blockable entities such as categories, countries, and TLDs\n    \n\n> These endpoints form the core of the DNS filtering configuration layer. \n  \n\n---\n\n## 🔐 Authentication\n\nThe API supports **two authentication methods**.\n\nChoose the one that best fits your integration use case.\n\n### 1\\. JWT (Bearer Token)\n\nUsed primarily by the Internet Protection 2026 web portal.\n\nInclude your JWT token in the `Authorization` header:\n\n``` http\nAuthorization: Bearer <ACCESS_TOKEN>\n\n ```\n\nThe token can be obtained via the `/auth/login` endpoint.\n\n### 2\\. API Key\n\nRecommended for **third-party integrations** or backend scripts.\n\nInclude your API key in the request header:\n\n``` http\nx-api-key: <YOUR_API_KEY>\n\n ```\n\nThe API key can be retrieved from the `/auth/login` endpoint response or by visiting the `/api` page of the web portal.\n\n🔒 **Security Note:**\n\nTreat both JWTs and API keys as sensitive credentials.\n\nDo not share or expose them in client-side code or public repositories.\n\n---\n\n## 🏢 Organization Context\n\nAlmost every API route supports the `organizationId` parameter, which determines the **organization context** on which the operation is performed.\n\nThis parameter is **not explicitly listed** in each route’s documentation because it is universally supported.\n\n### Behavior\n\n| Method | Where to provide `organizationId` | Description |\n| --- | --- | --- |\n| `GET` | Query parameter | Determines from which organization to fetch data |\n| `POST` | Request body | Determines in which organization to create or modify entities |\n\n### Examples\n\n#### Example 1 — Creating a Policy for Another Organization\n\nYou can include `organizationId` in the request body to create a policy for a specific organization (different from the one the requesting user belongs to).\n\n``` json\n{\n  \"name\": \"Guest Policy\",\n  \"isLimited\": false,\n  \"organizationId\": \"1234\"\n}\n\n ```\n\nIf `organizationId` is omitted, the API automatically uses the organization of the authenticated user.\n\n#### Example 2 — Listing Networks of a Specific Organization\n\nWhen calling the `/network` endpoint, by default it returns the networks belonging to the requester’s organization.\n\nIf you include `organizationId` as a query parameter, it returns the networks of the specified organization instead.\n\n```\nGET /network?organizationId=1234\n\n ```\n\n---\n\n## 🚫 Rate Limits\n\nThere is **no rate-limiting policy** enforced during this stage.\n\nFuture releases will introduce rate limits based on the purchased licence, so it’s good practice to design integrations with reasonable request pacing.\n\n---\n\n## ⚙️ Using This Postman Collection\n\nThis collection is structured and documented to make exploration and testing straightforward.\n\nEach request includes:\n\n- A **successful example response**\n    \n- Documented **path, query, and body parameters** with type, format, and description\n    \n- A **JSON schema** for the request body\n    \n\n### Environment Variables\n\nThis collection uses **Postman environment variables** to make requests reusable, configurable, and easier to test.\n\nWhen importing it, simply select the **Production** environment from the dropdown menu in the upper-right corner. Alternatively, you can create your own custom environment — just make sure to define the following variables to ensure all requests work correctly:\n\n| Variable | Description | Example |\n| --- | --- | --- |\n| `baseUrl` | The base URL of the API | `https://core.fsflt.net` |\n| `apiVersion` | Current API version | `v1` |\n\nYou can manage or create these variables from the **Environments** section in the left sidebar.\n\n### Login Script Automation\n\nThis collection includes a Postman script attached to the `/login` route.  \nAfter a successful login, the script automatically extracts both the **JWT access token** and the **organization ID** from the response and stores them as environment variables (`accessToken` and `organizationId`).\n\nThis means subsequent requests are automatically authenticated and associated with the correct organization, without any manual setup.\n\n### Other Environment Variables\n\nIn addition to the core variables above, many routes and examples reference **entity-specific environment variables** — such as `networkId`, `policyId`, `exceptionGroupId`, and others. These variables are used to dynamically build request URLs and bodies.\n\nYou can set these variables manually while testing, typically using data returned from previous requests.  \nFor example:\n\n- To test the **Delete an exception group** route:\n    \n    1. First, use the **Create an exceptyion group** route to create a new entity.\n        \n    2. Copy the returned id from the response and set it as the value of the `exceptionGroupId` environment variable.\n        \n    3. Then, execute the **DELETE** request — it will automatically reference the correct `exceptionGroupId` variable.\n        \n\nThis approach applies to all similar routes (e.g., networks, policies, etc.).  \nBy chaining requests in this way, you can easily simulate real workflows and test dependencies between entities.\n\n---\n\n## 🧾 Best Practices\n\n- Authenticate first using the **Login** route to retrieve your credentials.\n    \n- Use **API Key** authentication for backend or server-to-server use cases.\n    \n- Use **environment variables** for sensitive credentials and endpoints.\n    \n- Review **example responses** to understand expected structures and data models.\n    \n\n---\n\n## 🚀 Getting Started\n\n1. Import the collection into Postman.\n    \n2. Set the environment variables (`baseUrl` and `apiVersion`).\n    \n3. Authenticate using `/login` to obtain your credentials.\n    \n4. Explore the requests organized under the four domain folders.\n    \n5. Execute them and review example responses.\n    \n\n---\n\n## 📬 Support & Feedback\n\nFor issues, feedback, or clarifications about **this API**, please contact us by making a post on out Canny page, accessible from [this link](https://flashstart.canny.io/).","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":false,"owner":"38770009","team":6698853,"collectionId":"9e8c65ee-1f9a-4d10-b7f6-e9f58080f903","publishedId":"2sB3WnwMVm","public":true,"publicUrl":"https://docs.api.fsflt.net","privateUrl":"https://go.postman.co/documentation/38770009-9e8c65ee-1f9a-4d10-b7f6-e9f58080f903","customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"2c58fe"},"documentationLayout":"classic-single-column","customisation":{"metaTags":[{"name":"description","value":"View the official documentation of the Internet Protection 2026 APIs"},{"name":"title","value":""}],"appearance":{"default":"light","themes":[{"name":"dark","logo":"https://content.pstmn.io/3cf81dde-3b67-4f94-9e68-9321717c23f2/ZnNfbG9nb19zbWFsbF93aGl0ZS5wbmc=","colors":{"top-bar":"212121","right-sidebar":"303030","highlight":"2c58fe"}},{"name":"light","logo":"https://content.pstmn.io/afb1a122-f5bb-400c-b232-aee0e3828939/ZnNfbG9nb19zbWFsbC5wbmc=","colors":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"2c58fe"}}]}},"version":"8.10.1","publishDate":"2026-03-04T08:12:53.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{"title":"","description":"View the official documentation of the Internet Protection 2026 APIs"},"logos":{"logoLight":"https://content.pstmn.io/afb1a122-f5bb-400c-b232-aee0e3828939/ZnNfbG9nb19zbWFsbC5wbmc=","logoDark":"https://content.pstmn.io/3cf81dde-3b67-4f94-9e68-9321717c23f2/ZnNfbG9nb19zbWFsbF93aGl0ZS5wbmc="}},"statusCode":200},"environments":[],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/6c4999efed24e226e03090ddcf7888c2e59b78e7ee36db547716c54f08940020","favicon":"https://fsflt.net/favicon.ico"},"isEnvFetchError":false,"languages":"[{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"HttpClient\"},{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"RestSharp\"},{\"key\":\"curl\",\"label\":\"cURL\",\"variant\":\"cURL\"},{\"key\":\"dart\",\"label\":\"Dart\",\"variant\":\"http\"},{\"key\":\"go\",\"label\":\"Go\",\"variant\":\"Native\"},{\"key\":\"http\",\"label\":\"HTTP\",\"variant\":\"HTTP\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"OkHttp\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"Unirest\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"Fetch\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"jQuery\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"XHR\"},{\"key\":\"c\",\"label\":\"C\",\"variant\":\"libcurl\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Axios\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Native\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Request\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Unirest\"},{\"key\":\"objective-c\",\"label\":\"Objective-C\",\"variant\":\"NSURLSession\"},{\"key\":\"ocaml\",\"label\":\"OCaml\",\"variant\":\"Cohttp\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"cURL\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"Guzzle\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"HTTP_Request2\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"pecl_http\"},{\"key\":\"powershell\",\"label\":\"PowerShell\",\"variant\":\"RestMethod\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"http.client\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"Requests\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"httr\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"RCurl\"},{\"key\":\"ruby\",\"label\":\"Ruby\",\"variant\":\"Net::HTTP\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"Httpie\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"wget\"},{\"key\":\"swift\",\"label\":\"Swift\",\"variant\":\"URLSession\"}]","languageSettings":[{"key":"csharp","label":"C#","variant":"HttpClient"},{"key":"csharp","label":"C#","variant":"RestSharp"},{"key":"curl","label":"cURL","variant":"cURL"},{"key":"dart","label":"Dart","variant":"http"},{"key":"go","label":"Go","variant":"Native"},{"key":"http","label":"HTTP","variant":"HTTP"},{"key":"java","label":"Java","variant":"OkHttp"},{"key":"java","label":"Java","variant":"Unirest"},{"key":"javascript","label":"JavaScript","variant":"Fetch"},{"key":"javascript","label":"JavaScript","variant":"jQuery"},{"key":"javascript","label":"JavaScript","variant":"XHR"},{"key":"c","label":"C","variant":"libcurl"},{"key":"nodejs","label":"NodeJs","variant":"Axios"},{"key":"nodejs","label":"NodeJs","variant":"Native"},{"key":"nodejs","label":"NodeJs","variant":"Request"},{"key":"nodejs","label":"NodeJs","variant":"Unirest"},{"key":"objective-c","label":"Objective-C","variant":"NSURLSession"},{"key":"ocaml","label":"OCaml","variant":"Cohttp"},{"key":"php","label":"PHP","variant":"cURL"},{"key":"php","label":"PHP","variant":"Guzzle"},{"key":"php","label":"PHP","variant":"HTTP_Request2"},{"key":"php","label":"PHP","variant":"pecl_http"},{"key":"powershell","label":"PowerShell","variant":"RestMethod"},{"key":"python","label":"Python","variant":"http.client"},{"key":"python","label":"Python","variant":"Requests"},{"key":"r","label":"R","variant":"httr"},{"key":"r","label":"R","variant":"RCurl"},{"key":"ruby","label":"Ruby","variant":"Net::HTTP"},{"key":"shell","label":"Shell","variant":"Httpie"},{"key":"shell","label":"Shell","variant":"wget"},{"key":"swift","label":"Swift","variant":"URLSession"}],"languageOptions":[{"label":"C# - HttpClient","value":"csharp - HttpClient - C#"},{"label":"C# - RestSharp","value":"csharp - RestSharp - C#"},{"label":"cURL - cURL","value":"curl - cURL - cURL"},{"label":"Dart - http","value":"dart - http - Dart"},{"label":"Go - Native","value":"go - Native - Go"},{"label":"HTTP - HTTP","value":"http - HTTP - HTTP"},{"label":"Java - OkHttp","value":"java - OkHttp - Java"},{"label":"Java - Unirest","value":"java - Unirest - Java"},{"label":"JavaScript - Fetch","value":"javascript - Fetch - JavaScript"},{"label":"JavaScript - jQuery","value":"javascript - jQuery - JavaScript"},{"label":"JavaScript - XHR","value":"javascript - XHR - JavaScript"},{"label":"C - libcurl","value":"c - libcurl - C"},{"label":"NodeJs - Axios","value":"nodejs - Axios - NodeJs"},{"label":"NodeJs - Native","value":"nodejs - Native - NodeJs"},{"label":"NodeJs - Request","value":"nodejs - Request - NodeJs"},{"label":"NodeJs - Unirest","value":"nodejs - Unirest - NodeJs"},{"label":"Objective-C - NSURLSession","value":"objective-c - NSURLSession - Objective-C"},{"label":"OCaml - Cohttp","value":"ocaml - Cohttp - OCaml"},{"label":"PHP - cURL","value":"php - cURL - PHP"},{"label":"PHP - Guzzle","value":"php - Guzzle - PHP"},{"label":"PHP - HTTP_Request2","value":"php - HTTP_Request2 - PHP"},{"label":"PHP - pecl_http","value":"php - pecl_http - PHP"},{"label":"PowerShell - RestMethod","value":"powershell - RestMethod - PowerShell"},{"label":"Python - http.client","value":"python - http.client - Python"},{"label":"Python - Requests","value":"python - Requests - Python"},{"label":"R - httr","value":"r - httr - R"},{"label":"R - RCurl","value":"r - RCurl - R"},{"label":"Ruby - Net::HTTP","value":"ruby - Net::HTTP - Ruby"},{"label":"Shell - Httpie","value":"shell - Httpie - Shell"},{"label":"Shell - wget","value":"shell - wget - Shell"},{"label":"Swift - URLSession","value":"swift - URLSession - Swift"}],"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"}],"canonicalUrl":"https://docs.api.fsflt.net/view/metadata/2sB3WnwMVm"}