Rutter uses your client_id
and client_secret
keys to control access to our API via HTTP Basic Auth. You can find your keys in your dashboard for each of our API environments (sandbox, production).
You must keep these keys secret, so make sure it isn't available in publicly accessible areas, such as GitHub and client-side code.
Rutter expects your client_id
and client_secret
to be included in API requests to the server, Base64 encoded within an Authorization
header. The header is formed by concatenating the word Basic
, followed by a space, and a base64 encoded string of the client_id
, a colon (:), and the client_secret
.
Authorization: Basic base64({client_id}:{client_secret})
For example, if your client_id
is my_client_id
and your client_secret
is my_client_secret
, the header will be:
Authorization: Basic bXlfY2xpZW50X2lkOm15X2NsaWVudF9zZWNyZXQ=
Authorization Header
For all requests to merchant data, you must add
Authorization
header with a value ofBasic
, followed by a space, a Base64 encodedclient_id
, a colon, andclient_secret