Mark Jeffords - FileMaker Pro Consultant
Email - Mark Jeffords
FileMaker consulting and development by Mark’s Pro FM, LLC.
Call - (214) 663-7493

Connect FileMaker to the Web with the Data API

The FileMaker Data API is a modern REST interface that lets your websites, mobile apps, and cloud services securely read and write FileMaker data in real time—using standard HTTPS and JSON.

How it works What you can build

Quick Facts

  • ✅ RESTful over HTTPS
  • ✅ JSON requests & responses
  • ✅ Works with FileMaker Server/Cloud
  • ✅ Honors FileMaker privilege sets

Seamless Integration

Connect FileMaker to portals, e-commerce, CRMs, BI tools, and automations without ODBC friction.

Real-Time Data

Push and pull live data for status dashboards, customer self-service, and mobile field apps.

Security First

TLS encryption + FileMaker accounts and privilege sets control exactly who sees what.

Web-Native

Use standard tools like fetch, cURL, Python requests, or PHP—no proprietary drivers.

How the FileMaker Data API Works

  1. Authenticate → POST login, receive a short-lived session token.
  2. Make requests → Find, create, edit, delete records; upload/download container data via HTTPS.
  3. Get JSON back → Parse in any language or framework.
  4. Close session → Logout to free server resources and stay tidy. 
# 1) Login — get a token
curl -s -X POST \
  "https://YOUR-FMS/fmi/data/v2/databases/YourDB/sessions" \
  -H "Content-Type: application/json" \
  -d '{"fmDataSource":[{"database":"YourDB"}]}' \
  -u "username:password"

# 2) Find records (replace TOKEN, layout & query)
curl -s -X POST \
  "https://YOUR-FMS/fmi/data/v2/databases/YourDB/layouts/YourLayout/_find" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer TOKEN" \
  -d '{"query":[{"Status":"Open"}], "sort":[{"fieldName":"CreatedOn","sortOrder":"descend"}]}'

# 3) Logout
curl -s -X DELETE \
  "https://YOUR-FMS/fmi/data/v2/databases/YourDB/sessions/TOKEN"

// Login
const login = await fetch("https://YOUR-FMS/fmi/data/v2/databases/YourDB/sessions", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({ fmDataSource: [{ database: "YourDB" }] }),
  credentials: "include" // optional if using basic auth proxy
});
const { response } = await login.json();
const token = response?.token;

// Find records
const find = await fetch("https://YOUR-FMS/fmi/data/v2/databases/YourDB/layouts/YourLayout/_find", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "Authorization": `Bearer ${token}`
  },
  body: JSON.stringify({ query: [{ Status: "Open" }] })
});
const data = await find.json();

<?php
$server = "https://YOUR-FMS";
$db     = "YourDB";
$layout = "YourLayout";
$user   = "username";
$pass   = "password";

// Login
$login = curl_init("$server/fmi/data/v2/databases/$db/sessions");
curl_setopt_array($login, [
  CURLOPT_POST => true,
  CURLOPT_HTTPHEADER => ["Content-Type: application/json"],
  CURLOPT_POSTFIELDS => json_encode(["fmDataSource" => [["database" => $db]]]),
  CURLOPT_USERPWD => "$user:$pass",
  CURLOPT_RETURNTRANSFER => true
]);
$token = json_decode(curl_exec($login), true)["response"]["token"] ?? null;
curl_close($login);

// Find example
$ch = curl_init("$server/fmi/data/v2/databases/$db/layouts/$layout/_find");
curl_setopt_array($ch, [
  CURLOPT_POST => true,
  CURLOPT_HTTPHEADER => [
    "Content-Type: application/json",
    "Authorization: Bearer $token"
  ],
  CURLOPT_POSTFIELDS => json_encode([
    "query" => [["Status" => "Open"]],
    "sort"  => [["fieldName" => "CreatedOn", "sortOrder" => "descend"]]
  ]),
  CURLOPT_RETURNTRANSFER => true
]);
$result = json_decode(curl_exec($ch), true);
curl_close($ch);

// Logout
$logout = curl_init("$server/fmi/data/v2/databases/$db/sessions/$token");
curl_setopt_array($logout, [CURLOPT_CUSTOMREQUEST => "DELETE", CURLOPT_RETURNTRANSFER => true]);
curl_exec($logout); curl_close($logout);
Tip: scope access via FileMaker privilege sets; use dedicated “API” accounts with least-privilege.

Popular Use Cases

Customer & Vendor Portals

Let users view orders, pay invoices, submit service requests, and track statuses directly from FileMaker.

Field & Mobile Apps

Sync inspections, photos, signatures, and GPS data with your central FileMaker system.

Dashboards & BI

Pipe live data into charts or BI tools for real-time decision-making.

Automation & Webhooks

React to Stripe payments, web forms, or IoT events by creating/updating FileMaker records.

Key Considerations

Logins return a token that expires after inactivity; keep sessions short and logout when done. Use least-privilege API accounts.

Prefer targeted finds, paginate results, cache reads, and move large media via signed URLs when possible. Consider worker queues for bursts.

Enforce HTTPS, rotate credentials, validate inputs, and log API activity. Align privilege sets with the data that each integration needs.

Need help implementing the Data API?

We build secure, scalable integrations tailored to your FileMaker stack.

Start a project
Ephesians 2:10 — "For we are God's handiwork, created in Christ Jesus to do good works, which God prepared in advance for us to do."