Our API gateway uses Basic Auth for authentication with the consumer key and consumer secret as the encoded credentials. You can register or generate new API credentials on your developer account.
Basic authentication is a simple authentication scheme built into the HTTP protocol. The client sends HTTP requests with the Authorization header that contains the word Basic word followed by a space and a base64-encoded string consumerKey:consumerSecret. The result then goes in the Authorization header like this: Authorization: Basic dG9wc2VjcmV0OjEyMzQ=.
(i) Concatenate the consumerKey with a colon, and the consumerSecret.
For example, a consumerKey of admin, and a consumerSecret of admin becomes the following string: admin:admin
(ii) Encode this consumerKey and consumerSecret string in base64 encoding.
(iii) Include this base64-encoded string in an HTTP Authorization: Basic header.
With an encoded consumerKey and consumerSecret, the following header is created: Authorization: Basic YWRtaW46YWRtaW4=
Follow the GitHub gist link to find ways of generating base64-encoded Authorization headers in a variety of languages.
<?php
// credentials from your developer account
$consumerKey = "568473daf6614cb196caeb5f8805985f";
$consumerSecret = "5a07f41de16e40e4b08b4001142a5a10";
$auth = base64_encode($consumerKey . ":" . $consumerSecret);
//Pass the standard request headers.
curl_setopt($curl, CURLOPT_HTTPHEADER, array("Authorization: Basic $auth",
"Accept: application/json",
"Content-Type: application/json"));
Note: Because base64 is easily decoded, Basic authentication should only be used together with other security mechanisms such as HTTPS/SSL.
When new credentials are generated, you can no longer use the old ones. After you generate your credentials, we strongly advise that you copy and keep them somewhere safe. They will not be displayed again on the dashboard because we do not log or save your credentials for security reasons. If you lose them, you’ll have to generate new ones.
Please keep your API credentials safe and treat them like a passwords. If you think they may have been compromised please generate new API credentials.