Authentication
API calls need to be authenticated and authorised. You can do this by providing your secret key in the Authorization header of every request you make. You should authenticate your API client with the following header Authorization: Bearer SECRET_KEY
We provide two types of key: Public and Secret keys. Public keys are meant to be only used from your frontend or mobile app when integrating Fluidcoins. Public keys are meant to be public by design, they have no write access to your account except for creating a transaction that can be paid by a customer. Your secret keys are meant to be stay secret/hidden/private at all times.
Sudo access
Please note that your secret key can perform any actions on your Fluidcoins account without restriction. It needs to be securely and confidentially stored.
Please do not include this in your git repository or Frontend code.
In the instance you believe your key has been compromised, please make sure to revoke the key from the dashboard
Authentication
Every single API requests must be authenticated will fail with the status code 401: Unauthorized.
Security
All API requests must be made over HTTPS. Please do not manually disable certificate verification from your HTTP client
Updated over 2 years ago