This guide provides detailed, production-ready guidance for integrating FastBound Firearms Compliance Software into an ERP, MRP, or custom manufacturing system. It is designed for experienced software engineers building or managing systems that must remain compliant with ATF regulations under 27 CFR Part 478.
FastBound is a cloud-based SaaS platform that helps Federal Firearms Licensees (FFLs) maintain compliant Acquisition and Disposition (A&D) records, forms 4473, multiple sale reports, and more… in accordance with ATF regulations.
Best Practices
-
Do not queue requests! These add unnecessary complexity, such as managing retry logic, backoff strategies, duplicate handling, and reconciliation of out-of-sync states.
-
FastBound is reliable and fast – 99% of all API requests return in under one second (86% return in less than 250ms).
-
Prioritize a strong transaction model – design around confirmed success, not recovery mechanisms.
-
Only commit local transactions after receiving a success response from FastBound (HTTP 2xx).
-
Simplify architecture by trusting FastBound’s consistent performance and focusing on clean, predictable workflows.
-
Always display FastBound error messages so user can quickly troubleshoot and resolve errors (if they have appropriate access).
-
Restrict editing of GUIDs and system-critical fields to administrators.
-
Validate fields locally before sending requests.
Safe Updates with PUT Requests
Our APIs are designed to handle updates using the PUT method. To ensure the desired outcome, include all relevant properties in the request—any properties not included will be set to null. While some systems use PATCH for partial updates, PUT is the standard approach in this implementation.
A common approach for updating objects is to first retrieve the existing object with a GET request, make the necessary changes to the relevant fields, and then send a PUT request with the full object. This ensures all properties—both updated and unchanged—are preserved as intended.
Respect Rate Limits
FastBound imposes a rate limit of 60 requests per minute for each API key, meaning an API key can make up to 60 requests to the API in a one-minute window. You can limit your requests to one per second or make 60 requests in one second, but then you’ll have to wait 59 seconds before making another request with that API key.
Report of Multiple Sale
Multiple sale reports in FastBound are generated only when disposing firearms to individuals—not to organizations or FFLs. When a pending disposition is committed (via Commit or CreateAndCommit), FastBound may detect a multiple sale and include two HTTP response headers: X-FastBound-MultipleSale set to true, and X-FastBound-MultipleSaleUrl with the absolute URL to the report. If this occurs, the user must be notified that a multiple sale has taken place, and the report must be reviewed and either transmitted or dismissed.
FastBound APIs
You can explore and interact with our APIs using the web-based Swagger UI, or access the machine-readable OpenAPI Specification (OAS):
Authentication
Each FastBound account corresponds to a specific FFL and must maintain its own A&D records. Use HTTP Basic Authentication with:
-
Username: FastBound Account Number
-
Password: API Key for the account
Initial Request
The initial request is a straightforward GET call that verifies connectivity and authenticates your credentials. It also retrieves basic information about your FastBound account, ensuring that your setup is functioning correctly before proceeding with further API interactions.
curl -u ACCOUNT_NUMBER:API_KEY https://cloud.fastbound.com/ACCOUNT_NUMBER/api/accountFor detailed information about the response body, please refer to the FastBound API documentation.
Audit User
Transactions that generate audit trail entries require the email address of a valid FastBound account user in an HTTP request header named X-AuditUser. If the user does not exist, does not belong to the account, or access has expired or is disabled, FastBound will reject the API request.
Integration Scenarios
Manufacturing
Recording Newly Manufactured Firearms
Use Acquisitions/CreateAndCommit.
Manufacturing From Serialized Lower Receivers
When you complete the assembly of a firearm from a frame or receiver that already has a serial number, you must create a manufacturing disposition in FastBound, which will then automatically dispose the serialized frame or receiver and acquire the newly manufactured firearm.
Use Dispositions/CreateAndCommit with requestType set to Manufacturing and include a manufacturingChanges object within the request body. The disposition contact is automatically set to the account contact. A new pending acquisition will be created and must be reviewed and committed in the FastBound web app using Acquisitions/Commit.
Acquisitions (Non-Manufacturing)
For non-manufacturing acquisitions from other FFLs, use the same Acquisitions/CreateAndCommit endpoint, and set IsManufacturingAcquisition: false in the request body, or simply omit it.
Dispositions
Transfers to other FFLs
Use Dispositions/CreateAndCommit.
Theft or Loss
Use Dispositions/CreateAndCommit with requestType: TheftLoss and set all theftLoss_* fields.
Destroyed Firearms
Use Dispositions/CreateAndCommit with requestType: Destroyed and set all destroyed_* fields.
Deleted Items
Use Delete Items endpoint. These are the only two valid reasons for Deleting an Item and you cannot add a different one.
-
Duplicate– Use this reason if you Acquired the Item twice by mistake. -
Error– Use this reason if you Acquired the Item in Error
You also must enter a Note, which will appear on your Bound Book and it cannot be edited afterwards.
Contacts
All acquisitions and dispositions require a Contact. Required fields vary:
|
Contact Type |
Required Fields |
|
FFL |
|
|
Organization |
|
|
Individual |
|
|
All |
|
Record Extensions
Contact Records
-
Extend your system’s Vendor record to store
FastBoundContactId -
Extend your system’s Customer record to Store
FastBoundContactId
Product Records
Product records are defined as the record of your product names, descriptions, SKUs, photos, etc. Some systems may call these items. The distinction is that this is the record of the product itself, not instances of serial numbers.
A&D records must contain what is physically marked on the firearm, not what is used in sales or marketing materials. Additional or custom fields should be added to your product records to store these fields.
|
Field |
Type |
Notes |
|
Notify FastBound? |
Yes/No |
|
|
Manufacturer |
100 characters |
Required |
|
Importer |
100 characters |
Optional |
|
Country of Manufacture |
100 characters |
Optional |
|
Model |
100 characters |
Required |
|
Caliber |
100 characters |
Required |
|
Type |
100 characters |
Required, approved list |
Serialized Inventory Records
We recommend the Acquisitions/CreateAndCommit API for a single request/response.
For serialized inventory records (record of a single serial number), you should extend your inventory record to store a FastBound Item ID (GUID). FastBound will generate precisely one Item for every serial number in your system.
You should restrict editing the FastBound Item ID field to a user with administrator privileges. The only time the FastBound Item ID field would ever be edited would be if you were backfilling IDs generated while the integration was paused, for example.
When a successful acquisition request is made to FastBound, the response will contain an Item ID for each serial number.
Take care to match each Item ID to the appropriate serial number in case they are not returned in the exact same order as the request.
Configuration Parameters
We recommend restricting Configuration Settings to a user with appropriate administrator permissions.
We recommend the following FastBound configuration parameters for each FFL / FastBound account:
|
Parameter |
Description |
|
Server |
|
|
Account Number |
FastBound account number |
|
API Key |
Base64-encoded FastBound API key |
|
Email Address |
Sent in the |
|
Pause |
Suspends requests during integration maintenance or downtime |