More about Authentication

In order to use the Paysafe REST APIs, Paysafe must first set up on its system and provide you with a server-to-server API key, which authenticates your account. Your can find your API key in the Merchant Back-Office system, where it looks something like this:

  • username– MerchantXYZ for example
  • password – B-tst1-0-51ed39e4-312d02345d3f123120881dff9bb4020a89e8ac44cdfdcecd702151182fdc952272661d290ab2e5849e31bb03deede7e

All requests to all APIs except for the Customer Vault’s Create an Apple Pay Single-Use Token request and the Create a Mobile Device Single-Use Token request use the server-to-server API key. For account security reasons, these requests both require that you use a special single-use token API key in their headers. Single-use tokens are valid for only 15 minutes and are not consumed by verification.

The case-sensitive API key is sent using HTTP Basic Authentication. The Key ID is the basic authentication user name and the Key Password is the basic authentication password. To use HTTP Basic Authentication, you must send the API key credentials in the Authorization header with every request. The Authorization header is constructed as follows:

  1. The username and password are combined together separated by a colon. The username is placed before the colon and the password after. Using the example values above, this would give MerchantXYZ:B-tst1-0-51ed39e4-312d02345d3f123120881dff9bb4020a89e8ac44cdfdcecd702151182fdc952272661d290ab2e5849e31bb03deede7e
  2. The result from step 1 is then encoded using Base64.
  3. The authorization method, "Basic", and a space are placed before the Base64 encoded value.

For example, using the Key ID and Password examples above, the Authorization header is formed as follows:


Using cURL this can be achieved using the -H header parameter as follows:

curl -H "Authorization: Basic TWVyY2hhbnRYWV......" -x GET URL

The ..... in the example above represents the rest of the encoded username and password string. URL represents the URL for the request.

Many tools or libraries for making HTTP requests are able to do the above process automatically. For example, using the cURL command line tool we can simply use the -u option as follows.

curl -u username:password URL

For additional details, please refer to the following Wikipedia article

Your Production API key will be different from your Test API key. Contact your account manager for details. You must keep your API keys safe and ensure that they are used appropriately for your needs. Do not store your API key as part of your code.

Did you find this page useful?