Barion Wallet Authentication: Difference between revisions

From Barion Documentation
Jump to navigation Jump to search
m (add exact prod date)
 
(4 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{NotificationBox|title=IMPORTANT|text=This feature is currently only available in the sandbox environment, it will be active in production by 21. November 2022. Until it becomes active, you can use [[Basic authentication]] for wallet-level endpoints. |color=#FF7A3D}}
= What is wallet authentication? =
= What is wallet authentication? =


Some API endpoints can only be reached using wallet-level authentication (for a full list see [[List_of_API_endpoints|List of Barion API endpoints]]). This is achieved through the usage of API keys tied to each wallet.
Some API endpoints can only be reached using wallet-level authentication (for a full list see [[List_of_API_endpoints|List of Barion API endpoints]]). This is achieved through the usage of API keys tied to each wallet.


{{NotificationBox|title=NOTE|text=This feature is only available to organizations registered to Barion. |color=#FF7A3D}}
{{NotificationBox|title=NOTE|text=This feature is only available to business accounts.|color=#FF7A3D}}


= Using API keys =
= Using API keys =
Line 11: Line 9:
To use an endpoint which requires wallet-level authentication, simply send your API key in the <code>x-api-key</code> header of your request.
To use an endpoint which requires wallet-level authentication, simply send your API key in the <code>x-api-key</code> header of your request.


The format of the key should be with lower case letters and <strong>without dashes</strong>. You can directly use values copied from the secure site's access page.
You can directly use values copied from the secure site's access page.


= Managing API keys =
= Managing API keys =
Line 17: Line 15:
The management interface of wallet-level API keys can be found on the [https://secure.barion.com Barion secure site] under the <tt>Wallet -> Access</tt> menu item.
The management interface of wallet-level API keys can be found on the [https://secure.barion.com Barion secure site] under the <tt>Wallet -> Access</tt> menu item.


[[File:Wallet_key_management_page.png|The wallet key management page with only one active API key]]
[[File:Wallet_key_management_page_2.png|The wallet key management page with only one active API key]]


You can view your currently active API key or place it onto the clipboard via clicking the icons on the right side of the screen.
You can view your currently active API key or place it onto the clipboard via clicking the icons on the right side of the screen.
Line 27: Line 25:
You can add a new API key to your wallet by clicking the "rotate" icon to the right of the key. <strong>This does not deactivate the old API key</strong>, it just adds a new one. After changing all usages of the old key to the new one, the old one can be safely deleted.
You can add a new API key to your wallet by clicking the "rotate" icon to the right of the key. <strong>This does not deactivate the old API key</strong>, it just adds a new one. After changing all usages of the old key to the new one, the old one can be safely deleted.


[[File:Wallet_key_management_page_-_under_rotation.png|The wallet key management page with two active API keys]]
[[File:Wallet_key_management_page_-_under_rotation_2.png|The wallet key management page with two active API keys]]


As there can only be at most two active API keys tied to a wallet at all times, it is not possible to rotate one of two active keys. You'll have to delete one of them to start rotating the other one.
As there can only be at most two active API keys tied to a wallet at all times, it is not possible to rotate one of two active keys. You'll have to delete one of them to start rotating the other one.

Latest revision as of 09:24, 25 November 2022

What is wallet authentication?

Some API endpoints can only be reached using wallet-level authentication (for a full list see List of Barion API endpoints). This is achieved through the usage of API keys tied to each wallet.

NOTE
This feature is only available to business accounts.

Using API keys

To use an endpoint which requires wallet-level authentication, simply send your API key in the x-api-key header of your request.

You can directly use values copied from the secure site's access page.

Managing API keys

The management interface of wallet-level API keys can be found on the Barion secure site under the Wallet -> Access menu item.

The wallet key management page with only one active API key

You can view your currently active API key or place it onto the clipboard via clicking the icons on the right side of the screen.

Rotating keys

In case a key's secrecy is compromised it is important to change it to avoid unauthorized parties from using Barion in your name.

You can add a new API key to your wallet by clicking the "rotate" icon to the right of the key. This does not deactivate the old API key, it just adds a new one. After changing all usages of the old key to the new one, the old one can be safely deleted.

The wallet key management page with two active API keys

As there can only be at most two active API keys tied to a wallet at all times, it is not possible to rotate one of two active keys. You'll have to delete one of them to start rotating the other one.