There are three main API authentication methods: HTTP Basic Authentication, URL Authentication and OAuth2.

The easiest way to authenticate is by using HTTP Basic Authentication. Here, you authenticate your request by providing your Client ID/Client Secret combinations along with every request. Authentication is performed such that your Client ID is your username and your Client Secret is your password.

Learn how to create your Client ID and Client Secret here

Once you have your API Keys, you can now provide your Client ID and a Client Secret in the HTTP Basic Authorization header to authenticate your API requests.

Basic Authentication

So if khsqolyu is your ClientID and muahwiao is your ClientSecret, then the Base64 encoding of your API keys (khsqolyu:muahwiao) results in following header being sent via the HTTP Authorization header.

Authorization: Basic a2hzcW9seXU6bXVhaHdpYW8g

You can use a tool like base64 encode to encode your keys or Postman. See sample encoding in Postman below:

See sample cURL request for receiving money

curl -X POST \ \
  -H 'authorization: Basic a2hzcW9seXU6bXVhaHdpYW8=' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json' \
  -d '{
  "CustomerName": "Customer Fullname",
  "CustomerMsisdn": "054XXXXXXX",
  "CustomerEmail": "",
  "Channel": "mtn-gh",
  "Amount": 0.5,
  "PrimaryCallbackUrl": "",
  "SecondaryCallbackUrl": "",
  "Description": "1 box of Sugar",
  "ClientReference": "5fc556c862d64cceb",
  "Token": "string",
  "FeesOnCustomer": true

API Keys Security Tips

Ensure that you keep your API keys safe and protected from any unauthorised use.

Do not share your API keys with any unauthorised third party. If you have reasons to believe that your API keys have been compromised. You can easily regenerate new API keys with the following steps:

  1. Go to Developer.
  2. Then click on the 3 dots on your far right.
  3. Click on Generate Keys to regenerate new API keys.

If you want to integrate any of a wide variety of API’s into your application, then checkout our API documentation.

Did this answer your question?