Skip to main content

API Overview

Enable and use the Donorfy API securely to retrieve, create, update, and manage data.

Cristina Gruita avatar
Written by Cristina Gruita
Updated over a month ago

Cross-Origin Resource Sharing (CORS) is not supported by the Donorfy API for security reasons. The API is designed for server-side use only.
Request API Access

API access is disabled by default and must be enabled by Donorfy Support.

  1. Create a support request asking for API access to be enabled.

  2. Wait for confirmation before continuing with setup.

The API is intended for server-side integrations where access keys can be stored securely and IP addresses can be restricted.

Configure API Permissions

Once API access is enabled, you must create at least one API permission.

  1. Go to Settings, then click API Settings.

  2. Click Add Permission to create a new permission.

Enter the following details:

  1. Name – A descriptive name such as Website or Integration Partner.

  2. IP Address start & end – The allowed IP range that can access the API.

  3. Click Save to generate the permission.

An Access Key is generated automatically and displayed in the permissions list.

πŸ“Œ Note: You can edit the name or IP range at any time. Deleting a permission immediately revokes API access.

Understand API Authentication

The Donorfy API uses basic authentication over HTTPS.

  1. Use any value you choose as the username.

  2. Use the generated Access Key as the password.

  3. Pass both values in a correctly formed Authorization header.

The username is recorded in the Donorfy change log, allowing you to identify which integration or user made each change.

Use the API Endpoints

The Donorfy API is a REST api using JSON for data exchange.

Base URL

All requests use the following structure:

https://data.donorfy.com/api/v1/{YourApiKey}/

Only HTTPS connections are supported.

Supported HTTP Verbs

Use the appropriate verb for each operation.

  1. GET – Retrieve data.

  2. POST – Add new data.

  3. PUT – Update existing data.

  4. DELETE – Remove data.

πŸ“Œ Note: When updating records with PUT, you only need to include the properties you want to change. Other values remain unchanged.

Understand Data Handling Rules

The API enforces strict but forgiving data-handling behaviour.

  1. Unknown properties are ignored but valid properties are still processed.

  2. Properties with invalid values, such as malformed dates, are ignored.

  3. Entity IDs are Universally Unique Identifiers (GUIDs) passed as strings.

Date formats must follow these standards:

  1. Date only: YYYY-MM-DD.

  2. Date and time: YYYY-MM-DDTHH:MM:SS.mmmZ.

Other data types:

  1. Boolean values must be true or false.

  2. Numbers may include up to two decimal places.

To clear an existing date value, pass 0001-01-01.

Work With Donorfy Entities

Each API endpoint supports a specific set of properties.

  1. Some properties can be set only when creating a record.

  2. Some properties can be retrieved but not updated.

  3. Unsupported changes are ignored without failing the request.

πŸ“Œ Note: Refer to the API documentation page alongside the knowledge base for entity-specific details such as Constituents, Transactions, and Recurring Payment Instructions.

Monitor Rate Limits

The API has a usage limit to protect system performance.

⚠️ Important: The current rate limit is 301 requests per minute.

  1. Exceeding the limit temporarily disables API access.

  2. Disabled access returns a 400 error response.

  3. Donorfy will contact the account Main Contact if limits are exceeded.

Interpret API Responses

Understanding responses helps with debugging and error handling.

Successful Responses

A successful request returns HTTP 200 – OK.

  1. GET requests return the requested entity.

  2. POST requests return the ID of the created entity and any linked records.

Error Responses

Common error responses include:

  1. 400 – Bad Request for invalid JSON or validation errors.

  2. 404 – Not Found when an entity ID does not exist.

Validation error messages are included in the response body.

Review API Changes in the Changelog

All API-driven changes are logged for auditing.

  1. Open a constituent Timeline.

  2. Review the Changelog entries.

The username shown matches the username used during API authentication, helping you trace changes back to a specific integration.

⚠️Important:
The Donorfy API is a Professional-only feature. Essential and Starter subscribers, please contact us to find out more about upgrading.

Related Articles
Donorfy API Overview for Developers
Troubleshoot the Donorfy API
Work with Constituents Using the API
Manage Gift Aid Declarations Using the API
Use Lists via the API
Did this answer your question?