To secure your application, you will need to authenticate and authorize all your API calls.

How to authenticate

  1. Use the following command to generate a secret token:
curl -X POST baseUri \
     -H "Content-Type: application/json" \
     -d '{
         "appKey": "YourAppKey",
         "appPassword": "YourAppPassword",
         "userId": "Userid delegated to make the request",
         "includeRefereshToken": true
     }'
  2. Pass the returned token in the Authorization header of every request, using the following format:
Authorization: Bearer <YourToken>

Important notes on authentication

  1. App Key and App Password: Find your App Key and App Password under Developer Settings in the portal to generate the token.
  2. Keep your credentials safe: You can only view your App Key and App Password once. It is your responsibility to keep them safe, e.g., do not store them in Git or expose them to unauthorized people.
  3. User Delegation: Select the user who will be delegated to make API requests under Applications in the portal. The transactions initiated will be processed according to the permissions the user has.
  4. Whitelisting: Whitelist your application under Developer Settings in the portal.
  5. HTTPS: All API requests must be made over HTTPS.
  6. Authentication: API requests without authentication will fail with status code 401: Unauthorized.
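
The two authentication steps and the notes above, combined into shell helpers. This is an added example, not code from the API provider: the environment variable names `APP_KEY`, `APP_PASSWORD`, `DELEGATED_USER_ID` and `BASE_URI` and all function names are assumptions. The page does not show the token response format, so extracting the token from the response is left to the caller.

```shell
# Added example; the variable and function names are assumptions, not part of the API.

# Accept only https:// URIs so credentials and tokens never travel in clear text.
require_https() {
  case "$1" in
    https://*) return 0 ;;
    *) echo "refusing non-HTTPS URI: $1" >&2; return 1 ;;
  esac
}

# Escape backslashes and double quotes for use inside a JSON string
# (control characters are not handled).
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the token request body from the environment, so no secret is
# written into a script that could end up in Git.
token_request_body() {
  [ -n "${APP_KEY:-}" ] && [ -n "${APP_PASSWORD:-}" ] && [ -n "${DELEGATED_USER_ID:-}" ] || {
    echo "set APP_KEY, APP_PASSWORD and DELEGATED_USER_ID" >&2; return 1; }
  printf '{"appKey":"%s","appPassword":"%s","userId":"%s","includeRefereshToken":true}' \
    "$(json_escape "$APP_KEY")" "$(json_escape "$APP_PASSWORD")" \
    "$(json_escape "$DELEGATED_USER_ID")"
}

# Format the header line in the form the API expects.
bearer_header() {
  printf 'Authorization: Bearer %s\n' "$1"
}

# Step 1: request a token. The body is piped to curl on stdin (--data @-),
# so the password does not appear in the process list.
request_token() {
  require_https "${BASE_URI:-}" || return 1
  body=$(token_request_body) || return 1
  printf '%s' "$body" | curl -sS --fail --proto '=https' -X POST "$BASE_URI" \
    -H "Content-Type: application/json" --data @-
}

# Step 2: call an endpoint with the token (usage: api_status <url> <token>).
# The header is read from stdin (-H @-). Prints the HTTP status; returns 2 on 401.
api_status() {
  require_https "$1" || return 1
  http_status=$(bearer_header "$2" | curl -sS --proto '=https' -o /dev/null \
    -w '%{http_code}' -H @- "$1") || return 1
  [ "$http_status" != 401 ] || { echo "401 Unauthorized: token missing or rejected" >&2; return 2; }
  echo "$http_status"
}
```

Reading headers with `-H @-` requires curl 7.55.0 or later.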