Authorization

Learn about the type of authorization used by us and how to generate your API Keys.

When processing an API, it is important to know who is sending the request and if they have permission to perform the action. API Authorization helps us identify who is making the call, if they have the required permissions, and ensure you securely access the requested data.

ZWITCH uses bearer tokens to authorize API calls. All API calls must include an authorization header in the format shown below.

--header 'Authorization: Bearer <Access_Key>:<Secret_Key>'
const options = {
  headers: {
    Authorization: 'Bearer <Access_Key>:<Secret_Key>'
  }
};
request["Authorization"] = 'Bearer <Access_Key>:<Secret_Key>'
curl_setopt_array($curl, [
  CURLOPT_HTTPHEADER => [
    "Authorization: Bearer <Access_Key>:<Secret_Key>"
  ],
]);
headers = {
    "Authorization": "Bearer  <Access_Key>:<Secret_Key>"
}

πŸ“˜

API Calls via Server Only

API calls that need the Secret Key for authorization can only be made from your server.

Any API call made from an application frontend is rejected.

Generate Keys

Follow the below steps to generate your ZWITCH Access Key and Secret Key.

  1. Log into your ZWITCH Dashboard.
  2. Select the environment for which you want to generate your Access Key and Secret Key.
  3. Navigate to Developers β†’ API Keys.

Your Access Key and Secret Key are automatically generated when you access the API Section of the Dashboard.

🚧

Keep your Secret Key Safe

Ensure your Secret Key is stored securely. Do not store your Secret Key in a publically accessible or unsecured environment. Use a secure medium to share your Secret Key.

Additional Secret Keys

You could have multiple development teams working on your application all of whom need access to ZWITCH. Using a single Secret Key across different teams could prove to be a security challenge. You have to ensure the Secret Key is stored and shared securely.

You can have multiple active Secret Keys at the same time. Your team members can generate and use their own Secret Keys. Team members can only view the Secret Key they generated. The Admin user can view all Secret Keys in the account.

Your account can have a total of 50 active Secret Keys.

πŸ“˜

Live Mode Only

You can generate additional Secret Keys only in live mode. Currently, this feature is not available in sandbox mode.

Generate Additional Secret Keys

Follow the below steps to generate additional Secret Keys.

  1. Log into your ZWITCH Dashboard.
  2. Switch to live mode.
  3. Navigate to Developers β†’ API Keys.
  4. Click + Create secret key.
  5. Enter a name for the additional Secret Key on the Create a new secret key popup. This helps you identify who is using the different Secret Keys and their purpose.
  6. Click Create.

The additional Secret Key is created.

🚧

Cannot Delete Secret Keys

Currently, it is not possible to delete your Secret Keys from the Dashboard.
Contact our Support Team in case you need to delete your Secret Key.

Invalid Authorization

The below error is returned if the authorization header is not included in the API call or if the authorization information is incorrect.

{
  "error": {
    "type": "authentication_error",
    "message": "Invalid secret key."
  }
}