Rutter uses your client_id and client_secret keys to control access to our API via HTTP Basic Auth. You can find your keys in your dashboard for each of our API environments (sandbox, production).

You must keep these keys secret, so make sure it isn't available in publicly accessible areas, such as GitHub and client-side code.

Rutter expects your client_id and client_secret to be included in API requests to the server, Base64 encoded within an Authorization header. The header is formed by concatenating the word Basic, followed by a space, and a base64 encoded string of the client_id, a colon (:), and the client_secret.

Authorization: Basic base64({client_id}:{client_secret})

For example, if your client_id is my_client_id and your client_secret is my_client_secret, the header will be:

Authorization: Basic bXlfY2xpZW50X2lkOm15X2NsaWVudF9zZWNyZXQ=

📘

Authorization Header

For all requests to merchant data, you must add Authorization header with a value of Basic, followed by a space, a Base64 encoded client_id, a colon, and client_secret