API authentication requirements

Security

BaaS with integrated SCA uses a slightly different authentication model than the initial Banking as a Service version. This API set uses two authentication methods, depending on the type of request:

  • Basic Authentication. Used by partners to authenticate at the system level when the user is not yet created, cannot be used, or the request is dedicated to the partner only. Such APIs can be recognized by the partner segment in the API path. E.g. https://api2.connectpay.com/baas-sca/user-management/partner/users
  • Bearer Token Authentication. Used by users to authenticate for secure access to specific resources. The user’s access token is short-lived and is valid for 5 min. Such APIs require the user’s IP address to be sent with each request, and they can be recognized by the client segment in the API path. E.g. https://api2.connectpay.com/baas-sca/user-management/client/users/logout

Server-to-Server communications

ConnectPay API servers do not have static IP addresses, and whitelisting IP addresses is not mandatory.

Access TLS-protected APIs via these hostnames:

STAGE: https://api2-stage.connectpay.com

PROD: https://api2.connectpay.com

Partner Authentication (Basic Authentication)

Basic Authentication is required for partners to access certain endpoints that allow system-level or partner-level operations.

Request Header Format

To authenticate as a partner, include the x-connectpay-api-key header in the following format (Base64 encoded):

x-connectpay-api-key: <base64_encoded_credentials>

Encode the colon-separated ClientKey and ClientSecret to Base64 and add the result to the x-connectpay-api-key header:

x-connectpay-api-key: Basic Q29ubmVjdFBheTpFYXN5QmFua2luZw==

In the example above, ClientKey is ConnectPay and ClientSecret is EasyBanking:

x-connectpay-api-key: Q29ubmVjdFBheTpFYXN5QmFua2luZw==

User Authentication (Bearer Token)

Bearer Authentication is required for user-level access to endpoints that contain user-specific data or actions.

Request Header Format

To authenticate as a user, include the Authorization header together with the user’s IP address in the following format:

PSU-IP-Address: 111.111.11.111
Authorization: Bearer <user_token>

Tip! You will always find the proper hostname in our API Reference under each API.
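
The header rules above, as an added example (not ConnectPay's own code): a helper that picks the authentication method from the partner or client path segment and refuses to attach credentials to any host other than the two listed on this page. The function names and the client-side token age check are assumptions; the key header uses the bare Base64 value from the format line, while the page also shows a form prefixed with Basic.

```python
import base64
import ipaddress
from urllib.parse import urlsplit

# Hostnames listed on this page; credentials are never attached for any other host.
ALLOWED_HOSTS = {"api2-stage.connectpay.com", "api2.connectpay.com"}
TOKEN_LIFETIME_S = 5 * 60  # user access token validity stated on this page


def partner_credentials(client_key, client_secret):
    """Base64 of 'ClientKey:ClientSecret' for the x-connectpay-api-key header."""
    if not client_key or not client_secret:
        raise ValueError("ClientKey and ClientSecret are both required")
    if ":" in client_key:
        # The first colon is the separator, so a colon in the key is ambiguous.
        raise ValueError("ClientKey must not contain ':'")
    raw = f"{client_key}:{client_secret}".encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def build_headers(url, *, client_key=None, client_secret=None,
                  user_token=None, psu_ip=None, token_age_s=0.0):
    """Return the auth headers for url, chosen by its partner/client path segment.

    token_age_s is a hypothetical parameter: seconds since the caller got the token.
    """
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
        raise ValueError("refusing to attach credentials to " + repr(url))
    segments = parts.path.split("/")
    if "partner" in segments:
        return {"x-connectpay-api-key": partner_credentials(client_key, client_secret)}
    if "client" in segments:
        if not user_token:
            raise ValueError("user token required for client endpoints")
        if token_age_s >= TOKEN_LIFETIME_S:
            raise ValueError("user token older than 5 min; obtain a new one")
        ip = ipaddress.ip_address(psu_ip)  # raises ValueError on a malformed address
        return {"PSU-IP-Address": str(ip), "Authorization": f"Bearer {user_token}"}
    raise ValueError("path has neither a partner nor a client segment")
```

Rejecting unknown hosts and plain http before any header is built keeps the partner secret and user tokens from being sent to a mistyped or look-alike hostname.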
