API authentication requirements

Security

BaaS with integrated SCA uses a slightly different authentication model from the initial Banking as a Service version. This API set uses 2 authentication methods, depending on the type of request:

  • Basic Authentication. Used by partners to authenticate at the system level when a user is not yet created or cannot be used, or when the request is dedicated to the partner only. Such APIs can be recognized by the partner segment in the API path, e.g. https://api2.connectpay.com/baas-sca/user-management/partner/users
  • Bearer Token Authentication. Used by users to authenticate for secure access to specific resources. The user’s access token is short-lived and is valid for 5 min. Such APIs require the user’s IP address to be sent with each request, and they can be recognized by the client segment in the API path, e.g. https://api2.connectpay.com/baas-sca/user-management/client/users/logout

Server-to-Server communications

ConnectPay API servers do not have static IP addresses, nor is it mandatory to whitelist IP addresses.

Access TLS protected APIs via these hostnames:

STAGE: https://api2-stage.connectpay.com

PROD: https://api2.connectpay.com

Partner Authentication (Basic Authentication)

Basic Authentication is required for partners to access certain endpoints that allow system-level or partner-level operations.

Request Header Format

To authenticate as a partner, include the x-connectpay-api-key header in the following format (base64 encoded):

x-connectpay-api-key: <base64_encoded_credentials>

Encode the colon-separated ClientKey and ClientSecret as Base64 and add the result to the x-connectpay-api-key header:

x-connectpay-api-key: Basic Q29ubmVjdFBheTpFYXN5QmFua2luZw==

In the example above, ClientKey is ConnectPay and ClientSecret is EasyBanking:

x-connectpay-api-key: Q29ubmVjdFBheTpFYXN5QmFua2luZw==

User Authentication (Bearer Token)

Bearer Authentication is required for user-level access to endpoints that contain user-specific data or actions.

Request Header Format

To authenticate as a user, include the Authorization header together with the user’s IP address in the following format:

PSU-IP-Address: 111.111.11.111
Authorization: Bearer <user_token>

Tip! You will always find the proper hostname in our API Reference under each API.
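
The two header formats above, combined into one helper that picks the scheme from the partner or client path segment and refuses to build headers for a non-HTTPS or unlisted host, a malformed PSU IP address, or a token past its 5 min validity. This is an added example, not ConnectPay code. Assumptions: the function names, the token_issued_at and now parameters, and emitting the key without the Basic prefix (the page shows it both ways).

```python
import base64
import ipaddress
import time
from urllib.parse import urlsplit

# Hostnames and token validity as stated on this page.
ALLOWED_HOSTS = {"api2.connectpay.com", "api2-stage.connectpay.com"}
TOKEN_LIFETIME_S = 5 * 60


def partner_key(client_key, client_secret):
    """Base64 of 'ClientKey:ClientSecret' for the x-connectpay-api-key header."""
    if ":" in client_key:
        raise ValueError("ClientKey must not contain ':' (it is the separator)")
    raw = f"{client_key}:{client_secret}".encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def auth_headers(url, *, client_key=None, client_secret=None, user_token=None,
                 token_issued_at=None, psu_ip=None, now=None):
    """Build auth headers for a BaaS SCA URL (hypothetical helper)."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
        raise ValueError("refusing to attach credentials: not a listed TLS host")
    segments = parts.path.split("/")
    if "partner" in segments:
        if not (client_key and client_secret):
            raise ValueError("partner endpoint needs ClientKey and ClientSecret")
        # Assumption: bare Base64 value, no 'Basic ' prefix.
        return {"x-connectpay-api-key": partner_key(client_key, client_secret)}
    if "client" in segments:
        if not user_token or any(ch.isspace() for ch in user_token):
            raise ValueError("missing or malformed user token")
        ipaddress.ip_address(psu_ip)  # ValueError on a malformed address
        now = time.time() if now is None else now
        if token_issued_at is None or now - token_issued_at >= TOKEN_LIFETIME_S:
            raise ValueError("user token is past its 5 min validity")
        return {"PSU-IP-Address": psu_ip, "Authorization": f"Bearer {user_token}"}
    raise ValueError("path has neither a 'partner' nor a 'client' segment")


if __name__ == "__main__":
    # Constructed sample values; the key/secret pair is the page's own example.
    base = "https://api2-stage.connectpay.com/baas-sca/user-management"
    print(auth_headers(f"{base}/partner/users",
                       client_key="ConnectPay", client_secret="EasyBanking"))
    print(auth_headers(f"{base}/client/users/logout", user_token="example-token",
                       token_issued_at=time.time(), psu_ip="111.111.11.111"))
```

Rejecting the request client-side when the host is unlisted keeps the partner secret and user token from being sent anywhere but the two documented TLS endpoints.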
