Every API request will be served via HTTPS only. To authenticate a user or a program interacting with API, two HTTP headers Api-Key
and Signature
are required with every API request to every endpoint. You must have an approved merchant account with Authified in order to receive dashboard login and API credentials.
Api-Key
will be used to lookup a merchant account and Api-Secret
will be used as password to validate Signature
. See example code to generate Signature
. If any request found missing one or both of the headers will be responded with http_status_code
401. See error reference for more information.
Api-Key |
Must be start with "key-" and 36 characters long.
example: key-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx |
Api-Secret |
Must be start with "sec-" and 36 characters long.
example: sec-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx |
Api-Key
and Api-Secret
must be keep safe and secure in order to avoid un-authorized access to APIs.
Api-Key
and Api-Secret
can be found under Authified Dashboard Settings Merchant API or contact us.
Table below describes the required HTTP headers, in order to authenticate every API call.
Name | Description |
---|---|
Accept | application/json - (optional) |
Content-Type | application/json - (optional) |
Content-Length | int - (optional) |
Api-Key | Provided by Authified - (required) |
Signature |
A base64 encoded string from binary hash generated of http query encoded request with HMAC method using algo "sha256" and Api-Secret provided by Authified as a password. See example code to generate signature - (required)
|
<?php
$api_secret = "YOUR-API-SEC";
$data = [
"email_address" => "",
"mobile_number" => "",
];
$query_string = http_build_query($data);
$hmac_hash = hash_hmac("sha256", $query_string, $api_secret, true);
$Signature = base64_encode($hmac_hash);
echo $Signature;
?>
<?php
$api_secret = "YOUR-API-SEC";
$data = [
"email_address" => "",
"mobile_number" => "",
];
$query_string = http_build_query($data);
$hmac_hash = hash_hmac("sha256", $query_string, $api_secret, true);
$Signature = base64_encode($hmac_hash);
echo $Signature;
?>
<?php
$api_secret = "YOUR-API-SEC";
$data = [
"email_address" => "",
"mobile_number" => "",
];
$query_string = http_build_query($data);
$hmac_hash = hash_hmac("sha256", $query_string, $api_secret, true);
$Signature = base64_encode($hmac_hash);
echo $Signature;
?>
<?php
$api_secret = "YOUR-API-SEC";
$data = [
"email_address" => "",
"mobile_number" => "",
];
$query_string = http_build_query($data);
$hmac_hash = hash_hmac("sha256", $query_string, $api_secret, true);
$Signature = base64_encode($hmac_hash);
echo $Signature;
?>
<?php
$api_secret = "YOUR-API-SEC";
$data = [
"email_address" => "",
"mobile_number" => "",
];
$query_string = http_build_query($data);
$hmac_hash = hash_hmac("sha256", $query_string, $api_secret, true);
$Signature = base64_encode($hmac_hash);
echo $Signature;
?>
<?php
$api_secret = "YOUR-API-SEC";
$data = [
"email_address" => "",
"mobile_number" => "",
];
$query_string = http_build_query($data);
$hmac_hash = hash_hmac("sha256", $query_string, $api_secret, true);
$Signature = base64_encode($hmac_hash);
echo $Signature;
?>