SPENDiD APIs authenticate using API Keys passed in the x-api-key HTTP header over https protocol.

curl --request POST \
  --url \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --header 'x-api-key: your_api_key'

Auth errors are returned with HTTP status code 403.

    "message": "Forbidden"

Note: If you receive a 400 Bad Request response, your auth was successful but the request has failed to validate.

  "message": "Invalid request body"


Endpoints may be authorized separately.

API Keys may be authorized for some but not all services.

Confirm with your account administrator which services your key is authorized for if you are having issues accessing individual endpoints.