When you create your API client via the Dashboard, you are given a Client ID and Client Secret, both of which are needed to authenticate calls to our API.

Keep your Client Secret safe

Your Client Secret is generated and shown once when you create a new API client and cannot be shown again, so please make a copy of it. It can be used to initiate payments, so be sure to keep your Client Secret secure: do not make it publicly visible, for example by committing it to GitHub, deploying it in client-side code, etc.

Authenticating an API request

To authenticate calls to our API, set the Authorization header to “Basic ” + the Base64 encoding of the string ”clientId:clientId:clientSecret”.

For example, if your Client ID were key and your Client Secret were secret, your requests should contain the header:

Authorization: Basic a2V5OnNlY3JldA==