API requests are authenticated via the Authorization HTTP header. The header information is constructed from the client_id and client_secret which is generated when your account is created.

The expected format of the header is as follows:

Authorization: Token :token

Where :token is built from the concatenation of the client_id, a colon, the client_secret and then base64 encoded. In pseudo language:

Authorization: Token base64encode(client_id:client_secret) 

Sample Authentication

HEADER Authorization: Token :token


Request
curl -s \
       --header "Content-Type: application/json" \
       --header "Authorization: Token :token" \
       --request GET "https://secure-test.addpay.co.za/v2/"
Response: Failure
Cache-Control: no-cache 
Content-Type: application/json 
Status: 401 Unauthorized
{
    "meta": {
        "status": "error",
        "message": "Unauthorized",
        "code": 401
    }
}
Response: Success
Cache-Control: no-cache 
Content-Type: application/json 
Status: 200 OK
{
    "meta": {
        "status": "success",
        "message": "OK",
        "code": 200
    }
}

All API requests must be authenticated with the Authorization header and the request body payload submitted along with it. Unauthorized requests will be rejected with an HTTP 401 error code.