Authentication

Authentication to the Billwerk+Optimize API is done using a private API key. All API requests must be made over HTTPS. Calls made over plain HTTP will fail. Most requests require authentication.

API key authentication is done by providing one of your private API keys in the request. You can manage your private API keys from your account. You can have multiple API keys active at one time.

The API key must be provided as the HTTP Basic Auth username. No password needs to be provided. HTTP Basic Auth is performed by sending an Authorization header with the value Basic base64('<privatekey>:'). E.g. for the private key

priv_12051dfac75143fc827cf63a87f46df3

the value will be

base64('priv_12051dfac75143fc827cf63a87f46df3:') = cHJpdl8xMjA1MWRmYWM3NTE0M2ZjODI3Y2Y2M2E4N2Y0NmRmMzo=

and the complete header will be

Authorization: Basic cHJpdl8xMjA1MWRmYWM3NTE0M2ZjODI3Y2Y2M2E4N2Y0NmRmMzo=

To test base64 encoding, the following site can be used: www.base64decode.org.

Notice: Remember to add a colon `:` after the private key before base64 encoding. The colon separates username and password in HTTP Basic Auth. In this case the password is empty. Your private API keys carry many privileges, so be sure to keep them secret! Only use the private key in server-to-server API calls, never from the frontend, as that will expose the private key to anybody.
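The header construction described above, as an added Python example that is not part of the Billwerk+Optimize documentation: it builds the header value locally, diagnoses the missing-colon mistake, and refuses to attach the key to a plain-HTTP URL. The function names and the api.example.invalid host are assumptions made for illustration.

```python
import base64
from urllib.parse import urlsplit
from urllib.request import Request


def basic_auth_header(private_key: str) -> str:
    """Return the Authorization header value: Basic base64('<privatekey>:')."""
    if not private_key or ":" in private_key or private_key != private_key.strip():
        raise ValueError("private key must be non-empty, without ':' or surrounding whitespace")
    token = base64.b64encode(f"{private_key}:".encode("ascii")).decode("ascii")
    return f"Basic {token}"


def check_header(value: str) -> str:
    """Diagnose a header value; returns 'ok' or the reason it is malformed."""
    scheme, _, token = value.partition(" ")
    if scheme != "Basic" or not token:
        return "not a Basic credential"
    try:
        decoded = base64.b64decode(token, validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return "token is not valid base64"
    username, colon, password = decoded.partition(":")
    if not colon:
        return "missing ':' after the private key"
    if password:
        return "password must be empty"
    return "ok" if username else "empty private key"


def build_request(url: str, private_key: str) -> Request:
    """Build an authenticated request; refuse plain HTTP so the key is never sent in clear."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to attach the API key to a non-HTTPS URL")
    return Request(url, headers={"Authorization": basic_auth_header(private_key)})


# Key taken from the documentation example above. Load a real key from the
# server's environment or secret store, never from source or frontend code.
EXAMPLE_KEY = "priv_12051dfac75143fc827cf63a87f46df3"

if __name__ == "__main__":
    print(basic_auth_header(EXAMPLE_KEY))
    # Constructed mistake: the key encoded without the trailing colon.
    bad = "Basic " + base64.b64encode(EXAMPLE_KEY.encode()).decode()
    print(check_header(bad))
    # api.example.invalid is a placeholder host, not the real API endpoint.
    req = build_request("https://api.example.invalid/v1/ping", EXAMPLE_KEY)
    print(req.get_full_url(), check_header(req.get_header("Authorization")))
```
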

Billwerk+Optimize also supports token-based authentication, where a token is obtained by logging in with a username and password. This solution can be used if you wish to build an administration solution using the credentials stored at Billwerk+Optimize. Contact Billwerk+Optimize for more information if this is relevant for you.