Authorizing API Calls

We authenticate all API calls on Airgate. If an API request is made without authorization, the request will fail with the status code 401: Unauthorized.

Your secret key can perform any actions on your Airgate account without restriction. Keep this key confidential and only store it on your servers (preferably as an environment variable).

NEVER include your secret key in your Git repository or front-end JavaScript code.

To authorize API calls from your server, you are required to pass your secret key and merchant key in your request header. This means passing header with a value of {"secret-key": YOUR_SECRET_KEY, "merchant-key": YOUR_PUBLIC_KEY}

For instance, an API call could look like this in JavaScript:

const axios = require('axios');
let data = JSON.stringify({
  "amount": 1000,
  "user": {
    "name": "Alex Hunter",
    "phone": "08134575575",
    "email": "alexhunter@callphoneng.com"
  },
  "callback_url": 'YOUR_CALLBACK_URL'
});

let config = {
  method: 'post',
  maxBodyLength: Infinity,
  url: '/payment_initiate_hosted' ,
  headers: { 
    'secret-key': 'YOUR_SECRET_KEY', 
    'merchant-key': 'YOUR_MERCHANT_KEY', 
    'Content-Type': 'application/json'
  },
  data : data
};

axios.request(config)
.then((response) => {
  console.log(JSON.stringify(response.data));
})
.catch((error) => {
  console.log(error);
});

With our SDK's when available, you don’t need to pass the header manually; instead, you’ll provide your keys when initializing the library.

Contact Airgate Support if you have questions or need help authorizing your requests during integration.