Getting Started

1. Create a user account and verify your email address by clicking the link sent to your email address.

2. Create a FastBound account by choosing a plan. You will need a valid FFL number to create an account. Please add “TEST” to the beginning of your account nickname.

3. Generate an API Key by navigating to the Settings for the account you just created. Click the Generate link under API Key. Your FastBound Account Number and API Key are the credentials you’ll use to access our API. Each FFL requires a separate FastBound account. Each FastBound account has a unique Account Number and API Key.

4. Expand the GET Account API call and click Try It Out. Enter your FastBound account number, and click Execute. Then, enter your FastBound Account Number as the username and your API key as the password.

That’s it — you have successfully connected to a FastBound account via our API!

Integrations Scenarios

Contacts

Every acquisition or disposition in FastBound requires a Contact. Any Federal Firearms Licensee (FFL), organization (i.e., police department), or individual you acquire firearms from or dispose firearms to is a Contact in FastBound.

Specific fields are required depending on the type of contact:

• If your contact represents an FFL, fflNumber, fflExpires, licenseName, tradeName are required. sotein, sotClass, and businessType are optional.

• If your contact represents an organization, organizationName is required.

• If your contact represents an individual, firstName and lastName are required. middleName is optional.

All types of contacts require a premiseAddress1, premiseCity, premiseState, premiseZipCode, and premiseCountry. Fields omitted from create and update requests will be set to null. If you want to erase a value, set that property to null, which is not the same as an empty string.

Receiving Inventory

When an FFL receives firearms, the firearms must be acquired and committed in FastBound within 1, 7, or 15 business days, depending on the type of FFL held by the receiving transferee.

Our Acquisitions/CreateAndCommit API is the easiest way to acquire all firearms received from the same contact in a single request and response. contactId and contactExternalId can only reference an already-created contact, or you can create a new contact with the nested contact object.

Alternatively, separate API calls exist to create an acquisition, attach a contact, and add firearms before finally committing the acquisition.

Over-the-Counter Transfer / Sale with Form 4473

A Firearms Transaction Record, or ATF Form 4473, is a form prescribed by the ATF completed by an individual seeking to have firearms transferred to them from a Federal Firearms License (FFL) holder, such as a gun dealer. FastBound publishes several webhooks that integrated software can use. Integrated software should create a webhook, subscribing to the following events:

1. disposition.items.added – One or more items are added to a pending disposition, including adding items to a 4473.

2. disposition.items.edited – One or more items on a pending disposition have been edited (currently, just sales price).

3. disposition.items.removed – One or more items are removed from a pending disposition, including removing items from a 4473.

4. form4473.completed – A 4473 is completed. The webhook body contains an API URL from which to download the 4473 PDF.

5. disposition.committed – A pending disposition is committed to the A&D record.

Transfer

When an FFL transfers a firearm to another FFL–between stores or any other FFL for an online sale–the transferor’s A&D record must have a disposition, and the transferee’s FFL must have a corresponding acquisition.

When committing a disposition via Dispositions/CreateAndCommit or Dispositions/Commit, FastBound will check if the email address on the disposition contact is a FastBound user. If so, FastBound will create a pending (not committed) acquisition in the transferee’s FastBound account.

When a Disposition API call successfully creates a pending acquisition in another FastBound account, the following HTTP response headers indicate the account, acquisition ID, and deep link to the pending acquisition created:

• X-FastBound-AcquisitionAccount is the 5-6 digit account number in which the pending acquisition was created.

• X-FastBound-AcquisitionId is the GUID of the pending acquisition that was created.

• X-FastBound-AcquisitionUrl is the absolute URL to the pending acquisition in the FastBound web application.

Best Practices

Safe Updates with PUT Requests

Our API currently does not support the PATCH verb, which is sometimes used for partial updates. When performing updates, you must use the PUT method. It’s important to note that omitting properties in a PUT request will result in those properties being set to null.

To avoid this, we recommend following a two-step process for updating objects: first, perform a GET request to retrieve the existing object and make your changes to the relevant fields, and then submit a PUT request with the complete object, including both the unchanged and updated properties, which ensures that no data is unintentionally lost or nullified.

Respect Rate Limits

FastBound imposes a rate limit of 60 requests per minute for each API key, meaning an API key can make up to 60 requests to the API in a one-minute window. You can limit your requests to one per second or make 60 requests in one second, but then you’ll have to wait 59 seconds before making another request with that API key.

Fail Fast

When an API request to FastBound fails, we recommend you revert the corresponding transaction in your system and show a message to the user. Errors of this nature are generally not temporary and necessitate corrective action. Queueing requests can delay or block subsequent requests. Every unresolved failure, often overlooked in reports or administrative interfaces, is a potential ATF violation.

Use FastBound IDs over External IDs

We recommend that integrated software store FastBound’s ID for Contacts and Items. FastBound Contact IDs and Item IDs are RFC 9562 v4 GUIDs. All FastBound API calls use these IDs. FastBound supports external IDs, but these often result in additional API calls and are not preferred.

Do Not Automatically Commit Dispositions

Dispositions can only be committed when the firearm has left the premises. In states with waiting periods like California, payment is received at least ten days before the firearm leaves the premises. If an FFL has a compliance inspection during that time, every instance of a firearm marked as disposed that is still on the premises is a violation. An acceptable compromise is asking a worker if the firearms have left the premises.

Report of Multiple Sale

If you commit dispositions, when you Commit (or CreateAndCommit) a pending disposition, FastBound may generate a report of multiple sales. If this happens, an HTTP response header named X-FastBound-MultipleSale will contain true, and X-FastBound-MultipleSaleUrl will contain the absolute URL of the multiple sales report. You must warn the user that a multiple sale occurred and must be reviewed and transmitted or dismissed.

Audit User

Transactions that generate audit trail entries require the email address of a valid FastBound account user in an HTTP request header named X-AuditUser. If the user does not exist, does not belong to the account, or access has expired or is disabled, FastBound will reject the API request.

Support

We keep this article updated with frequently asked questions and commonly encountered issues. If you can’t find an answer in our API help articles or our Open API documentation, don’t hesitate to contact us.