Authentication
API calls must be authenticated by your API Key on each request. Your API Key carries many privileges so be sure to keep it secret. Do not share your API Key or expose it in the client-side code of any public web site.
You can find your merchant API Key in the Paylands backoffice.
Clicking on the top right icon will display your credentials.
API authentication is done using HTTP Basic Auth
. Provide your API Key as the value for the username field. It is not necessary to provide a value for the password field. If you set the Basic Auth header manually (such as when testing with curl), the API Key must be base64 encoded. If you use Postman, Insomnia or any other similar application, they already encode it in base64 automatically when sending the request.
If you need to authenticate via Bearer authentication
(such as for a cross-origin
request), use the -H "Authorization: Bearer <API Key>"
modifier instead of -u <API Key>:
.
For example, if your api key is 5d66a96f460f4109b24c2243fb1c43e1, the following headers will be valid:
Authorization: Basic NWQ2NmE5NmY0NjBmNDEwOWIyNGMyMjQzZmIxYzQzZTE=.
Authorization: Bearer 5d66a96f460f4109b24c2243fb1c43e1
All API requests must be made over HTTPS. Requests made over HTTP will be denied; as well as unauthenticated requests.
API key profiles
The API key has several profiles assigned to it that determine its permissions. Information about the different API key profiles and how to get them can be found in the API Reference.