Authentication

The Gigapay API uses API keys to identify and authenticate requests. You can request keys by contacting us at info@gigapay.se. Note that you will receive separate sets of keys for the live and demo environment.

Your API keys carry many privileges, so be make sure you keep them secure. Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, etc.

Authorization to the API is performed through a token-based HTTP Authentication scheme. To authorize requests, include the Authorization and Integration-ID HTTP header. Note that the authentication key should be prefixed by the string literal "Token", with whitespace separating the two strings. For example:

curl https://api.gigapay.se/v2/payouts \
-H "Authorization: Token 1vjv20ksxwvlpp3peize74ievjmx3e" \
-H "Integration-ID: 650fd73ff5"

API requests without authentication will fail with the HTTP response code 403. API calls made over plain HTTP instead of HTTPS will also be rejected with the response code 301.

IP-whitelisting

The Gigapay API Supports IP-whitelisting. When requesting API-keys, let us know which IP:s you would like to restrict access. If IP-whitelisting is enabled, API requests made from a non-whitelisted IP will be rejected with HTTP response code 403.