Static API headers

In reinforcing the security of our API endpoints, we've implemented a StaticX-API-KEY Header mechanism.

This approach combines security with flexibility, allowing for unique client identification while offering the capability to adapt to changing security needs.

The process involves issuing a unique API key during client onboarding, providing a personalized identifier for the your API requests. The key, initially static, can be changed by Paymentology as per request, ensuring adaptability to evolving security needs.

❕

IMPORTANT

• X-API-KEY is applicable to ALL API's, including PaySecure API's.
• X-API-KEY length 1-32 (we recommend to use at least 16 characters)
• X-API-KEY can have special characters (there are no restricted characters)

Header inclusion

Each API request must include the X-API-KEY header for authentication purposes.

Example:

GET /api/resource
Host: api.example.com
X-API-KEY: your_static_api_key

Static Key issued at client onboarding

During client onboarding, a unique API key is issued, offering a personalized and secure identifier for the your API requests.

Changeable by Paymentology

The API key can be changed by Paymentology as required, providing a dynamic aspect to the security protocol.

If you require this to be changed you can lodge a request via our Customer Support platform.

Authentication and authorization

The presence and correctness of the X-API-KEY header is verified by the Paymentology server to authenticate the request.

The API key serves as an authorization token, allowing access to authorized users and preventing unauthorized entry.