There are three main API authentication methods: HTTP Basic Authentication, URL Authentication and OAuth2.

The easiest way to authenticate is by using HTTP Basic Authentication. Here, you authenticate your request by providing your Client ID/Client Secret combinations along with every request. Authentication is performed such that your Client ID is your username and your Client Secret is your password.

Creating API Keys

Step 1
 First you need to create a Hubtel Account. Incase you already have an account skip to Step 2.

  1. Visit unity.hubtel.com to create a new Hubtel account.
  2. Click on the sign up button and fill out your firstname, lastname, email, mobile number and password to Sign up With Email.
  3. You can also sign up with either your Gmail or Facebook account.

Step 2
 Register your application to create your API keys which contain your API clientID and clientSecret.

  1. Go to Developer on the main navigation menu.
  2. Then click on Register an App
  3. Provide a Description for your App.
  4. Select HTTP REST as your API Type.
  5. Click on Save to complete your app registration
  6. Copy your Client ID and Client Secret for future purposes.

You can now provide your Client ID and a Client Secret in the HTTP Basic Authorization header to authenticate your API requests.

Basic Authentication

So if khsqolyu is your ClientID and muahwiao is your ClientSecret, then the Base64 encoding of your API keys (khsqolyu:muahwiao) results in following header being sent via the HTTP Authorization header.

Authorization: Basic a2hzcW9seXU6bXVhaHdpYW8g

You can use a tool like base64 encode to encode your keys or Postman. See sample encoding in Postman below:


See sample cURL request for receiving money

curl -X POST \
  https://api.hubtel.com/v1/merchantaccount/merchants/HM2013160051/receive/mobilemoney \
  -H 'authorization: Basic a2hzcW9seXU6bXVhaHdpYW8=' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json' \
  -d '{
  "CustomerName": "Customer Fullname",
  "CustomerMsisdn": "054XXXXXXX",
  "CustomerEmail": "customer@gmail.com",
  "Channel": "mtn-gh",
  "Amount": 0.5,
  "PrimaryCallbackUrl": "https://requestb.in/19d4d3p1",
  "SecondaryCallbackUrl": "",
  "Description": "1 box of Sugar",
  "ClientReference": "5fc556c862d64cceb",
  "Token": "string",
  "FeesOnCustomer": true
}'


API Keys Security Tips

Ensure that you keep your API keys safe and protected from any unauthorised use.
 Do not share your API keys with any unauthorised third party. If you have reasons to believe that your API keys have been compromised. You can easily regenerate new API keys with the following steps:

  1. Go to Developer.
  2. Then click on the 3 dots on your far right.
  3. Click on Generate Keys to regenerate new API keys.

If you want to integrate any of a wide variety of API’s into your application, then checkout our API documentation.

Did this answer your question?