Barion Wallet Authentication

From Barion Documentation
Revision as of 10:26, 15 November 2022 by Adamsz (talk | contribs) (add exact prod date)
Jump to navigation Jump to search
IMPORTANT
This feature is currently only available in the sandbox environment, it will be active in production by 21. November 2022. Until it becomes active, you can use Basic authentication for wallet-level endpoints.

What is wallet authentication?

Some API endpoints can only be reached using wallet-level authentication (for a full list see List of Barion API endpoints). This is achieved through the usage of API keys tied to each wallet.

NOTE
This feature is only available to organizations registered to Barion.

Using API keys

To use an endpoint which requires wallet-level authentication, simply send your API key in the x-api-key header of your request.

The format of the key should be with lower case letters and without dashes. You can directly use values copied from the secure site's access page.

Managing API keys

The management interface of wallet-level API keys can be found on the Barion secure site under the Wallet -> Access menu item.

The wallet key management page with only one active API key

You can view your currently active API key or place it onto the clipboard via clicking the icons on the right side of the screen.

Rotating keys

In case a key's secrecy is compromised it is important to change it to avoid unauthorized parties from using Barion in your name.

You can add a new API key to your wallet by clicking the "rotate" icon to the right of the key. This does not deactivate the old API key, it just adds a new one. After changing all usages of the old key to the new one, the old one can be safely deleted.

The wallet key management page with two active API keys

As there can only be at most two active API keys tied to a wallet at all times, it is not possible to rotate one of two active keys. You'll have to delete one of them to start rotating the other one.