The PCI Proxy APIs require different authentication methods depending on the called API:
API Key - is used only for the following endpoints:
https://sandbox.pci-proxy.com/v1/pull
https://sandbox.pci-proxy.com/v1/push/uniquePushKey
Basic Authentication - is used for all other endpoints.
See an overview below about which authentication method should be applied to protect your requests.
The productive authentication data can be accessed once you activated your account for production.
Use your API key as the value for the pci-proxy-api-key
HTTP header to send PULL/PUSH requests.
It is possible to create and name multiple API keys each project.
You can obtain the API key menu within the Developers menu item in the Project section in the Dashboard.
If you don’t have an administrator role you may not have access to view your API keys in the Dashboard. Contact someone of your organisation with appropriate access and ask to be added with required rights.
Generate the Basic Authentication HTTP header using:
API Username / Merchant ID
as the basic authentication username value
API Password
as the basic authentication password value
You can obtain those values within the Developers menu item in the Project section in Dashboard.
Create a base64 encoded value of API Username and API Password (most HTTP clients are able to handle the base64 encoding automatically) and submit the Authorization header with each request. For example:
base64(merchantId:password) = MTAwMDAxMTAxMTpYMWVXNmkjJA==
Authorization: Basic MTAwMDAxMTAxMTpYMWVXNmkjJA==
All API requests must be done over HTTPS with TLS >= 1.2.