Skip to content

Authenticating your requests

Authenticating your requests

Bearer Auth

Authenticating your API requests is done by passing your ACCESS_TOKEN in the request's HTTP header as the authorization bearer: Authorization: Bearer <ACCESS_TOKEN>.

curl -X GET \
  '<BASE_URL>/v1/balance' \
  --header 'Accept: */*' \
  --header 'Authorization: Bearer <ACCESS_TOKEN>'

Note

To help you distinguish Access Token from other secrets, they are as a convention always prefixed with at_.

Security

All API requests must be made over HTTPS and authenticated. Calls made over plain HTTP will be rejected. API requests without authentication will also be rejected.

Getting your Access Token

We currently give access to our Business API to selected partners. If you were selected, you should should have received your staging ACCESS_TOKEN as part of your onboarding.

Rotating your Access Token

For the moment, your Access Token can be rotated by simply contacting Djamo.

Please contact your Djamo Business account manager if you need help with retrieving or rotating your ACCESS_TOKEN.

Danger

Your ACCESS_TOKEN can be used to move money from your business account and access other sensitive information. So please, make sure to keep it secure!

Do not share your secret ACCESS_TOKEN with any third parties, and do not expose it in publicly accessible areas such as GitHub, client-side code, etc...