Authentication

You need to authenticate to the REST API using HTTP Basic Auth (HTTP Basic access authentication) providing a user name and a password when making a request.

The user name consists of the SiteID and the password consists of the API Key which are generated upon the creation of the Integration site. The SiteID and the API Key separated by ‘:’ sign have to be encoded using Base64 encoding (e.g. https://www.base64encode.org/). Only then, the result can be sent in the Authorization header.

Please make sure the API keys are kept secret and regenerate at once if security has been compromised!

Use the SiteID as the basic auth username with the API Key as the password, separated by ‘:’ sign.

Authorization: Basic {Base64 encoding of 'SiteID:APIkey'}

Meaning:

Authorization: Basic {Base64 encoding of '30201:hJ5RobYx9r7FfNwCvHY9LXHqqr+FEzrc7aJvQQk4Gaz1mg7Ryy'}

Resulting:

Authorization: Basic MzAyMDE6aEo1Um9iWXg5cjdGZk53Q3ZIWTlMWEhxcXIrRkV6cmM3YUp2UVFrNEdhejFtZzdSeXk=

For a better understanding of how it works, take a look at our examples of authentication provided below.

Code sample: Authentication

curl -u {PROVIDED_SITE_ID}:{PROVIDED_API_KEY} \
     https://paytest.smart2pay.com/v1/payments/?limit=1

For a secure connection, all API calls must be authenticated and made over HTTPS!

You can manage the API Keys from the Merchant Dashboard. You can have multiple API Keys if you define more sites – see Multiple Websites Management for details.