GET /v1/configuration HTTP/1.1
Host: global-api-sandbox.afterpay.com
Authorization: Basic MzI6YWJjZGVmZ2g=
curl "https://global-api-sandbox.afterpay.com/v1/configuration" \
-H 'Authorization: Basic MzI6YWJjZGVmZ2g='
var request = require("request");
var options = {
url: 'https://global-api-sandbox.afterpay.com/v1/configuration',
headers: {
Authorization: 'Basic MzI6YWJjZGVmZ2g='
}
};
request(options, function (error, response, body) {
if (error) throw new Error(error);
console.log(body);
});
require 'uri'
require 'net/http'
url = URI("https://global-api-sandbox.afterpay.com/v1/configuration")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Get.new(url)
request["Authorization"] = 'Basic MzI6YWJjZGVmZ2g='
response = http.request(request)
puts response.read_body
import requests
url = "https://global-api-sandbox.afterpay.com/v1/configuration"
headers = {
'Authorization': "Basic MzI6YWJjZGVmZ2g="
}
response = requests.request("GET", url, headers=headers)
print(response.text)
The Clearpay Online API uses Basic HTTP Authentication, a simple authentication scheme built into the HTTP protocol, as specified by RFC 7617.
With the exception of Ping, all Online API endpoints require this form of authentication. Failure to correctly authenticate an API request will result in a "401 Unauthorized" response.
Consider the following example.
Merchant ID | Secret Key |
---|---|
32 | abcdefgh |
Note
In conventional HTTP terms, "Merchant ID" is the username and "Secret Key" is the password.
Clearpay provides merchant accounts per region, and each merchant account has unique API credentials.
The credentials are joined by a colon character (without any spaces), then base64-encoded.
Plain Text | Base64 Encoded |
---|---|
32:abcdefgh | MzI6YWJjZGVmZ2g= |
The Authorization
header can then be formed by including the word Basic
, followed by a single space character, followed by the base64-encoded credential pair.
Final Header |
---|
Authorization: Basic MzI6YWJjZGVmZ2g= |
Security Notice
Please note that the base64-encoding of the
Authorization
header is unrelated to security. All HTTP headers and bodies (for both requests and responses) between the Merchant and Clearpay are encrypted with TLS. The reason for base64-encoding is solely to comply with the RFC 7617 standard, which allows non-HTTP characters and multibyte strings to be used for Basic HTTP Authentication.