Authentication is required when making calls to our RESTful webservices. The domain is required to match the host where the JavaScript code is used.

API keys

We use basic authentication over secure http (HTTPS). Basic authentication is a method for an HTTP user agent (e.g. a web browser) to provide a user name and password when making a request. In our case, by using basic HTTP authentication, a request contains a header field in the form of Authorization: Basic <API-Key> where <API-Key> is the base-64 encoded string of <API-User>:<API-Credential>.

Allowlist domains

Customer who has implemented our service as front end, i.e. typically from a website using JavaScript will require API users with allowlisted domains. Allowlisting of the domains ensures that access to our service is not compromised and allows only certain domains to connect to our service.

Typically customer who has implemented our service in backend using Java, C#,PHP or Curl etc. will not require any referrer domains to be allowlisted as the back end implementation is already secured enough as the call happens from server side.

However some customers may require some additional layer of security to ensure their credentials are not compromised by other internal teams or external third party etc. In such cases domains can be allowlisted so that only the JavaScript code from those domains can make successful calls to our APIs.

API users and domain allowlisting can be done by the customer once they sign up for free Trial using Allowlisting domains

Last updated