x-auth-token
) - Used for requests requiring an authenticated user session.x-api-key
) - Used to identify your 3rd party application.Session-Based Authentication
x-auth-token
after completing user authentication (e.g., OTP login).Include this token in the request headers:API Key Authentication
x-api-key
while others do not. Check the endpointβs documentation to confirm.HMAC Signature Authentication
Header | Description |
---|---|
x-api-key | Found in the Business Dashboard |
x-signature | HMAC-SHA256 signature of the request body |
x-timestamp | Unix timestamp (seconds) when the signature was generated |
x-signature
x-timestamp
must be within 30 seconds of the current time. Older timestamps will result in a 403 Forbidden error.