➦ Back to Tazapay

Authentication

The Tazapay API uses Basic Access Authentication or BASIC AUTH to authenticate requests. When you sign up for an account, you can view and manage your keys on the Tazapay dashboard. Tazapay API provides you with two types of keys, the API_Key and the API_Secret. You will need to authenticate by providing the base64 encoded key pair in the request Authorization header.

📘

Tazapay has separate keys for both test and live environments. Test keys can be generated automatically by logging into the sandbox dashboard and live keys by logging into the live dashboard after clearing KYB.

All requests to Tazapay API must be made over HTTPS. Requests over HTTP will fail. Requests without authentication will also fail.

NOTE: To go from test mode to live mode, you need to change the endpoint URL along with changing the API keys.

🚧

API_Secret key is "secret" for a reason!

Do not share your API keys to any unauthorised parties. This includes publicly accessible areas such as GitHub, client-side code, etc. An unauthorised party can create transactions on your behalf if they get a hold of your API keys.

How to Authenticate

  1. BASIC AUTH requires a username and a password combined with a colon. Its format is {{username}}:{{password}}.

    NOTE: Your API_Key will serve as the username USER and the API_Secret PASS as the password.

  2. The resultant value is encoded into a Base64 format.

  3. Prefix the Base64 encoded value with Basic and pass it in the Authorization header.

Example

  1. If your API keys are:
API_Key : F2W7H8JWMO8398KAPW85
API_Secret : rKHFAffLq5Lnrms3mOBQi71oQmMATH2EByYDyIR2Wd0jGdKeed08WThGVS6v1257
  1. Following the BASIC AUTH format, the value generated is:
F2W7H8JWMO8398KAPW85:rKHFAffLq5Lnrms3mOBQi71oQmMATH2EByYDyIR2Wd0jGdKeed08WThGVS6v1257
  1. Encoding the above value into Base64, the resultant value generated is:
RjJXN0g4SldNTzgzOThLQVBXODU6cktIRkFmZkxxNUxucm1zM21PQlFpNzFvUW1NQVRIMkVCeVlEeUlSMldkMGpHZEtlZWQwOFdUaEdWUzZ2MTI1Nw==
  1. Include this Base64 value in the Authorization header with Basic prefix:
Authorization: Basic RjJXN0g4SldNTzgzOThLQVBXODU6cktIRkFmZkxxNUxucm1zM21PQlFpNzFvUW1NQVRIMkVCeVlEeUlSMldkMGpHZEtlZWQwOFdUaEdWUzZ2MTI1Nw==