API requests are authenticated via the Authorization HTTP header. The header information is constructed from the client_id and client_secret which is generated when your account is created.

The expected format of the header is as follows:

Where :token is built from the concatenation of the client_id, a colon, the client_secret and then base64 encoded. In pseudo language:

Sample Authentication

HEADER Authorization: Token :token

Request

curl -s \
       --header "Content-Type: application/json" \
       --header "Authorization: Token :token" \
       --request GET "https://secure-test.addpay.co.za/v2/"

Response: Failure

Cache-Control: no-cache 
Content-Type: application/json 
Status: 401 Unauthorized

{
    "meta": {
        "status": "error",
        "message": "Unauthorized",
        "code": 401
    }
}

Response: Success

Cache-Control: no-cache 
Content-Type: application/json 
Status: 200 OK

{
    "meta": {
        "status": "success",
        "message": "OK",
        "code": 200
    }
}

All API requests must be authenticated with the Authorization header and the request body payload submitted along with it. Unauthorized requests will be rejected with an HTTP 401 error code.