Onboard Connect APIs
Authentication
Overview
To interact with the Onboard Connect API, 3rd party clients must authenticate using one of the following methods:
- Session-based authentication (
x-auth-token
) - Used for requests requiring an authenticated user session. - API Key authentication (
x-api-key
) - Used to identify your 3rd party application. - HMAC Signature authentication - Required for more sensitive endpoints (e.g., user creation), ensuring request integrity.
Check the specific endpoint documentation to determine which authentication method is required.
Authentication methods
Unauthorized Requests: Endpoints that require authentication will return a 401 Unauthorized status code for missing or invalid credentials.