Authentication
To ensure the security and integrity, API uses a dual-layered authentication system which applies to both our sandbox environment for staging integration and our production API.
Staging and Production Environments
Our sandbox, also referred to as the staging server, offers a safe environment for integration testing, mirroring the authentication requirements of our production API. Both environments necessitate two forms of credentials:
- API Key: Unique to each environment, the API key identifies your application to our API.
- Bearer Access Token: Serves as the proof of authentication, allowing for authorized API calls.
Each set of credentials is environment-specific, ensuring clear separation between your test and live operations.
Obtaining Your Credentials
Credentials are provided in an .env file format, containing your unique identifiers and tokens:
CREDENTIAL_ID=<YOUR_CREDENTIAL_ID>
API_KEY=<YOUR_API_KEY>
ACCESS_TOKEN=<YOUR_ACCESS_TOKEN>
The API key (`API_KEY`) and the Bearer access token (`ACCESS_TOKEN`) are essential for API requests. The `CREDENTIAL_ID` is for internal use and does not need to be included in API calls.
Making Authenticated Requests
To make authenticated API calls, include the following headers in your HTTP request:
- API Key: Supplied in the `x-api-key` request header.
- Access Token: Provided in the `Authorization` request header as a Bearer token.
Example headers to include in your request:
x-api-key: <YOUR_API_KEY>
Authorization: Bearer <YOUR_ACCESS_TOKEN>
Ready to Start?
After obtaining your credentials and setting up your environment, you are ready to begin the integration process. Remember, production access requires successful completion of our certification process, ensuring that your integration is secure and ready for live traffic.