Rutter uses your client_id and client_secret keys to control access to our API via HTTP Basic Auth. You can find your keys in your dashboard for each of our API environments (sandbox, production).

Don't have a Rutter account? Click here to get started!


Keep your secret a secret!

Make sure your 'client_id' and 'client_secret' aren't available in publicly accessible areas, such as GitHub or client-side code.

When making an API request to the server, Rutter expects your client_id and client_secret to be Base64 encoded within the Authorization header. The header is formed by concatenating the word Basic, followed by a space ( ), and a base64 encoded string of the client_id, a colon (:), and the client_secret.

Authorization: Basic base64({client_id}:{client_secret})

For example, if your client_id is my_client_id and your client_secret is my_client_secret, the header will be:

Authorization: Basic bXlfY2xpZW50X2lkOm15X2NsaWVudF9zZWNyZXQ=


Authorization Header

For all requests to get business data, you must add Authorization header with a value of Basic, followed by a space, a Base64 encoded client_id, a colon, and client_secret