Documentation | API | Authentication
Authentication

Every API request will be served via HTTPS only. To authenticate a user or a program interacting with API, two HTTP headers Api-Key and Signature are required with every API request to every endpoint. You must have an approved merchant account with Authified in order to receive dashboard login and API credentials.

Api-Key will be used to lookup a merchant account and Api-Secret will be used as password to validate Signature. See example code to generate Signature. If any request found missing one or both of the headers will be responded with http_status_code 401. See error reference for more information.

Api-Key Must be start with "key-" and 36 characters long.
example: key-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Api-Secret Must be start with "sec-" and 36 characters long.
example: sec-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Important: Api-Key and Api-Secret must be keep safe and secure in order to avoid un-authorized access to APIs.
Information: Api-Key and Api-Secret can be found under Authified Dashboard Settings Merchant API or contact us.
HTTP Headers

Table below describes the required HTTP headers, in order to authenticate every API call.

Name Description
Accept application/json - (optional)
Content-Type application/json - (optional)
Content-Length int - (optional)
Api-Key Provided by Authified - (required)
Signature A base64 encoded string from binary hash generated of http query encoded request with HMAC method using algo "sha256" and Api-Secret provided by Authified as a password. See example code to generate signature - (required)

Last modified: 4 years ago
<?php
    $api_secret = "YOUR-API-SEC";
    $data = [
        "email_address" => "",
        "mobile_number" => "",
    ];
    $query_string = http_build_query($data);
    $hmac_hash = hash_hmac("sha256", $query_string, $api_secret, true);
    $Signature = base64_encode($hmac_hash);
    echo $Signature;
?>
<?php
    $api_secret = "YOUR-API-SEC";
    $data = [
        "email_address" => "",
        "mobile_number" => "",
    ];
    $query_string = http_build_query($data);
    $hmac_hash = hash_hmac("sha256", $query_string, $api_secret, true);
    $Signature = base64_encode($hmac_hash);
    echo $Signature;
?>
<?php
    $api_secret = "YOUR-API-SEC";
    $data = [
        "email_address" => "",
        "mobile_number" => "",
    ];
    $query_string = http_build_query($data);
    $hmac_hash = hash_hmac("sha256", $query_string, $api_secret, true);
    $Signature = base64_encode($hmac_hash);
    echo $Signature;
?>
<?php
    $api_secret = "YOUR-API-SEC";
    $data = [
        "email_address" => "",
        "mobile_number" => "",
    ];
    $query_string = http_build_query($data);
    $hmac_hash = hash_hmac("sha256", $query_string, $api_secret, true);
    $Signature = base64_encode($hmac_hash);
    echo $Signature;
?>
<?php
    $api_secret = "YOUR-API-SEC";
    $data = [
        "email_address" => "",
        "mobile_number" => "",
    ];
    $query_string = http_build_query($data);
    $hmac_hash = hash_hmac("sha256", $query_string, $api_secret, true);
    $Signature = base64_encode($hmac_hash);
    echo $Signature;
?>
<?php
    $api_secret = "YOUR-API-SEC";
    $data = [
        "email_address" => "",
        "mobile_number" => "",
    ];
    $query_string = http_build_query($data);
    $hmac_hash = hash_hmac("sha256", $query_string, $api_secret, true);
    $Signature = base64_encode($hmac_hash);
    echo $Signature;
?>