Barion Wallet Authentication: Difference between revisions
mNo edit summary |
m (change text to show that the feature is now available in sandbox) |
||
Line 1: | Line 1: | ||
{{NotificationBox|title=IMPORTANT|text=This feature is | {{NotificationBox|title=IMPORTANT|text=This feature is currently only available in the sandbox environment, it will be active in production by the end of November 2022. Until it becomes active, you can use [[Basic authentication]] for wallet-level endpoints. |color=#FF7A3D}} | ||
= What is wallet authentication? = | = What is wallet authentication? = |
Revision as of 10:03, 15 November 2022
What is wallet authentication?
Some API endpoints can only be reached using wallet-level authentication (for a full list see List of Barion API endpoints). This is achieved through the usage of API keys tied to each wallet.
Using API keys
To use an endpoint which requires wallet-level authentication, simply send your API key in the x-api-key
header of your request.
The format of the key should be with lower case letters and without dashes. You can directly use values copied from the secure site's access page.
Managing API keys
The management interface of wallet-level API keys can be found on the Barion secure site under the Wallet -> Access menu item.
You can view your currently active API key or place it onto the clipboard via clicking the icons on the right side of the screen.
Rotating keys
In case a key's secrecy is compromised it is important to change it to avoid unauthorized parties from using Barion in your name.
You can add a new API key to your wallet by clicking the "rotate" icon to the right of the key. This does not deactivate the old API key, it just adds a new one. After changing all usages of the old key to the new one, the old one can be safely deleted.
As there can only be at most two active API keys tied to a wallet at all times, it is not possible to rotate one of two active keys. You'll have to delete one of them to start rotating the other one.