Connect an API endpoint
REST API endpoint, two-step setup. Pick a tab — API key for public-with-link Google Sheets and many SaaS APIs; OAuth 2.0 for private auth-required sources.
By the end of this lesson
- A working API endpoint pulling JSON into DashboardFox tables
- An app on top of that endpoint your reports can use
You'll need
- Admin role in DashboardFox
- The API endpoint URL and any auth credentials (API key or OAuth)
- Postman (or similar) to test the request before you wire it up
Background
This tab covers the API key path — the simpler of the two API auth methods. You configure the endpoint URL, optionally pass an API key as a parameter or header, and DashboardFox fetches the JSON. Works for any REST API where the key alone (or no auth at all) is enough to get data.
The worked example is Google Sheets, accessed as an API. For Google Sheets specifically, API-key auth requires the sheet to be set to anyone with the link can view. If your sheet must stay private, you need OAuth 2.0 — see the OAuth 2.0 tab.
Two steps in DashboardFox:
Step A. Configure the API connection in Settings → Integrations → Manage API. You define an "API parent" (named connection) and one or more endpoints under it. Each endpoint has a URL, an auth method, and a response_path token that tells DashboardFox which JSON key holds the data. When you click Connect, DashboardFox fetches the response, flattens the JSON into one or more tables, and stores them in its internal Postgres database.
Step B. Build a normal Database app on top of that internal Postgres. The credentials are auto-generated and shown at Settings → Integrations → DB Credentials tab. You connect a Database app to localhost using those credentials, exactly like any other Postgres connection — except this database holds the data DashboardFox just fetched. From there, App Builder treats it like any database app.
The Manage API fetches lesson covers what to do after this — schedules, the action menu, multi-endpoint patterns, what to do when the JSON shape changes.
Stuck on auth, response_path, or the Database app step? Email team@dashboardfox.com with the API and what's failing. Real human, same business day.
Do it
-
Test the endpoint in Postman first
Before opening DashboardFox, confirm the API works. Paste your full URL into Postman, send the GET request, and look at the response. You're checking three things:
- Does the request return 200 OK?
- Is the response JSON?
- Which key in the JSON holds your data array? (That's your response_path — for Google Sheets, it's
values.)
If anything fails here, fix it before going further. DashboardFox is just an HTTP client at this layer — if the URL doesn't work in Postman, it won't work in DashboardFox.
-
Create the API parent connection
In DashboardFox, go to Settings → Integrations → Manage API → Create API.
- Name — a friendly name. For multi-endpoint setups, this is the parent (e.g.,
Google Sheets); individual endpoints go under it. For a one-off, name it after the source (e.g.,Sales Tracker Sheet). - Auth method — choose Manual for the API key path. (OAuth 2.0 is the other tab.)
Save the parent. You're now ready to add endpoints.
- Name — a friendly name. For multi-endpoint setups, this is the parent (e.g.,
-
Add the endpoint
Inside your new API parent, click Add Endpoint.
- Endpoint name — what this specific endpoint pulls (e.g.,
Sales Q4 Sheet). - URL — paste the full URL you tested in Postman, including the API key as a query parameter for Google Sheets.
- Response path (response_by_name) — type the JSON key from your Postman response. For Google Sheets, this is
values. - Headers — most public-with-key APIs need none. If your API requires headers (e.g.,
Authorization,X-API-Key), add them here. - Parameters — used for dynamic per-request parameters; not needed for the Google Sheets walkthrough. (Future lesson.)
Save.
- Endpoint name — what this specific endpoint pulls (e.g.,
-
Connect — fetch the data and preview the tables
From the endpoint's row, open the Action menu and click Connect. DashboardFox makes the HTTP request, parses the JSON, flattens it into one or more database tables, and stores them in its internal Postgres. Green check = success.
Click Preview from the same Action menu. You'll see a list of tables DashboardFox created from your response — usually named
API_2_2,API_2_3, etc. Click into each one to see its data. The "real" table — the one matching your response_path — is the one to remember; you'll point your reports at it.If the tables look wrong (no data, weird shape, the wrong subset of fields), the response_path is probably wrong. Fix it on the endpoint and Connect again. Manage API fetches covers the recovery flow with Purge & Connect.
-
Step B — create a Database app on top of internal Postgres
Now the second half. The data lives in DashboardFox's internal Postgres database; you need a regular Database app on top of it for App Builder to read from.
Open Settings → Integrations → DB Credentials tab. You'll see auto-filled connection details: host, database name, user, password. (These credentials only work from inside DashboardFox — they're not internet-accessible.) Note them down or keep this tab open.
Switch to Active Integrations → Create App. Pick Database.
- App Name — friendly name (e.g.,
Google Sheets Sales Data). - Database Driver — depends on your DBF version's internal DB; the DB Credentials tab tells you. PostgreSQL is the typical answer.
- Host / Database / User / Password — paste from the DB Credentials tab.
Click Test Connection, then Save & Apply.
- App Name — friendly name (e.g.,
-
Grant yourself access
Saving the app doesn't grant access to it — not even to you. Connecting and granting access are deliberately separate steps; that's what stops a new data source from being accidentally exposed before you've decided who should see it.
Go to Settings → Security → Apps, find your new app, click Edit, and assign yourself the App Builder role. Click Save & Apply.
Refresh the page; the app appears in App Builder, ready for the semantic-layer work in Module 3. To grant other users: Composer for people who'll build reports on this data, Agent for people who'll just run them. The Roles & permissions lesson covers the model in depth.
You have a working connection. Below is what to tighten before real users see it. Skip if you're just testing.
Make it real
Treat API keys like passwords — and rotate them
The API key is in the URL of the endpoint, which lives in DashboardFox. That's reasonably safe (only Admins can see it), but the URL is also probably in your browser history, your Postman history, possibly an internal docs page. Generate a new key for DashboardFox specifically rather than reusing one. Rotate quarterly. Limit the key's scope at the source — for Google Cloud, restrict the API key to the Sheets API only and to your DashboardFox server's IP.
Schedule the fetch — you almost always want this
Without a schedule, the data DashboardFox knows about is whatever it fetched the last time someone clicked Connect manually. For most use cases, that's not what you want. Manage API fetches covers scheduling, including how often makes sense for different data and how to verify it's running.
Use one API parent for related endpoints
If you're pulling 6 Google Sheets, create one Google Sheets parent and add 6 endpoints under it — not 6 separate API parents. Easier to manage, easier to grant access to as a unit, and the shared auth config (when you switch to OAuth) only needs to be set once.
Watch for rate limits at the source
Public APIs often have request quotas (Google Sheets API is generous but limited). If you've scheduled aggressive fetches across many endpoints, or if multiple apps share the same API key, you can hit the limit. Symptom: 429 Too Many Requests in the connection log. Fix: spread schedules out, request a higher quota at the source, or use OAuth (often higher limits than API key auth).
If you're stuck
The classic API-setup stumbles, in roughly the order they show up.
Connect succeeded but the preview shows weird tables with no useful data
The response_path is wrong. DashboardFox parsed the response but pointed at the wrong key in the JSON — so it flattened metadata or wrapper fields instead of your actual data array. Open the endpoint, fix the Response path (check Postman for which key holds the array), save, then run Action → Purge & Connect from Manage API fetches. Purge & Connect deletes the broken tables and re-fetches with the new path.
Test fails — Google Sheets returns 403
The sheet isn't shared as "Anyone with the link can view." Either change the sharing setting on the sheet, or switch to OAuth 2.0 (the other tab) which works with private sheets.
My JSON has nested arrays — DashboardFox created multiple tables
That's expected. DashboardFox flattens nested JSON into multiple related tables to preserve the structure. To use them as one logical dataset, you'll define joins in App Builder using the auto-generated key columns. The Module 3 semantic-layer lessons cover the joining patterns.
My API needs auth in a header, not a query parameter
Use the Headers field on the endpoint. Common patterns: Authorization: Bearer {token}, X-API-Key: {key}. Add the header name and value, save, Connect.
Database app step — Test Connection fails
You're using the right credentials but DashboardFox can't reach its own internal database — usually means you copied a value from the wrong row in DB Credentials, or your install differs from the standard layout. Re-open Settings → Integrations → DB Credentials, copy each value carefully (host, database, user, password — they look similar), and try again. If it still fails, email us — install-specific.
My new app isn't visible in App Builder
Step 6 wasn't done — granting yourself the App Builder role on the new app. Settings → Security → Apps, edit the app, assign yourself App Builder, save.
Can I connect to the internal DashboardFox Postgres from outside DBF?
No. The credentials shown on the DB Credentials tab only work from inside DashboardFox itself — the internal database isn't exposed externally. Don't try to point pgAdmin or another tool at it; it won't work, and the security boundary is intentional.
None of these match my situation
Email team@dashboardfox.com with the API, the URL pattern, and what's failing. Same business day reply.
Background
OAuth 2.0 is the auth path for APIs that require a logged-in user — private Google Sheets, Microsoft 365 sources, Salesforce, and most modern SaaS APIs. Instead of a static API key in the URL, you authorize DashboardFox once via a sign-in flow with the source, and the source returns a token DashboardFox uses for ongoing requests.
The two-step model from the API key tab is the same:
Step A. Configure the API + endpoint in Settings → Integrations → Manage API. Auth method = OAuth 2.0. The sign-in flow happens here, on first save.
Step B. Build a Database app on top of DashboardFox's internal Postgres (same as the API key tab — same credentials at Settings → Integrations → DB Credentials).
The difference is entirely in how Step A configures auth — the OAuth handshake replaces the API key in the URL. Once that's set up, Connect, Preview, scheduling, and everything else work the same as the API key tab.
While the video for this tab is in progress, the API key tab is the closest reference for the overall flow. For an OAuth setup today, email team@dashboardfox.com — we'll walk it together. The setup is a one-time thing, and we want to make sure it lands cleanly the first time.
Need to set this up before the video lands? Email team@dashboardfox.com with the source (Google, MS 365, Salesforce, etc.). Real human, same business day.
