There are three main API authentication methods: HTTP Basic Authentication, URL Authentication and OAuth2.

The easiest way to authenticate is by using HTTP Basic Authentication. Here, you authenticate your request by providing your API Key/API Secret combinations along with every request. Authentication is performed such that your API Key is your username and your API Secret is your password.

Learn how to create API Keys here

Once you have your API Keys, you can now provide your API Key and a API Secret in the HTTP Basic Authorization header to authenticate your API requests.

Basic Authentication

So if BoP4aVt is your ApiKey and d6d090e8-51dd-4ba2-95be-ec4e61e608f2 is your ApiSecret, then the Base64 encoding of your API keys (BoP4aVt:d6d090e8-51dd-4ba2-95be-ec4e61e608f2) results in the following header being sent via the HTTP Authorization header.

Authorization: Basic Qm9QNGFWdDpkNmQwOTBlOC01MWRkLTRiYTItOTViZS1lYzRlNjFlNjA4ZjI=

You can use a tool like base64 encode to encode your keys or Postman.

See sample HTTP request for Online Checkout:

POST /v2/pos/onlinecheckout/items/initiate HTTP/1.1
Host: api.hubtel.com
Content-Type: application/json
Cache-Control: no cache
cache-control: no-cache
Authorization: Basic Qm9QNGFWdDpkNmQwOTBlOC01MWRkLTRiYTItOTViZS1lYzRlNjFlNjA4ZjI=

{
  "items": [
    {
      "name": "My First Copy Book",
      "quantity": 1,
      "unitPrice": 0.5
    },
    {
      "name": "My Grandfather's Clock",
      "quantity": 2,
      "unitPrice": 1
    }
  ],
  "totalAmount": 1.5,
  "description": "School Shopping Checkout",
  "callbackUrl": "https://webhook.site/e2ef65e8-6d5c-455d-a2cd-536671f43daf",
  "returnUrl": "http://hubtel.com",
  "merchantBusinessLogoUrl": "http://hubtel.com/online",
  "merchantAccountNumber": "HM2121212121",
  "cancellationUrl": "http://hubtel.com/online",
  "clientReference": "inv210629"
}'


API Keys Security Tips

Ensure that you keep your API keys safe and protected from any unauthorised use.

Do not share your API keys with any unauthorized third party. If you have reasons to believe that your API keys have been compromised. You can easily regenerate new API keys. 

If you want to integrate any of a wide variety of API’s into your application, then checkout our API documentation here.

Did this answer your question?