Authentication
Our API is based on a single endpoint architecture approach. The specific operations are determined from the requests sent to this endpoint.
1app authenticates your API requests using your account’s API keys. If you do not include your key when making an API request or use one that is incorrect or outdated, 1app returns an error.
Every account created on 1app has a priviledge to generate two kinds of API keys:
- Secret key: This is the most powerful type of key to authorize any action on your 1app account, so it should never be exposed to the public.
- Public key: This key can be used for public API call scenarios, such as in front-end JavaScript code (e.g. List banks, Data Plans etc).
- Log in to your
1app account Dashboard. - Navigate to Settings
- Select the API Keys/Webhook tab in the Developers section of the menu to view and copy your keys.
Your secret keys are to be kept secret and only stored on your servers, preferably as an environment variable. Do not include them in your GitHub repository, or use them in client-side code.
If for any reason, you believe your secret key has been compromised, you can reset them from the dashboard
All API requests must be made over HTTPS. All API calls to 1app endpoints require authorization. Any requests made without authorization will fail.
Authorization: "Bearer YOUR_SECRET_KEY"
Authorization: Bearer 1applive_sk_0a21husgdsyda2dbaa329a9876c917
All API requests exist in either test or live mode, and one mode cannot be manipulated by data in the other.
Last modified 2mo ago