To safeguard our API against unauthorized access, we employ the widely recognized and secure HTTP header Authorization: Bearer {apikey}.
In the header, you are required to include an API key generated from our web portal to enable programmatic access to our web services. You have the flexibility to generate as many keys as necessary for your usage.
Examples
API Key = xxx.xxx.xxx
Raw HTTP
```http
GET /v1/banks HTTP/1.1
Host: rest.rafiki-api.com
Authorization: Bearer xxx.xxx.xxx
Accept: application/json
```
Curl
```bash
curl --request GET \
  --url https://rest.rafiki-api.com/v1/banks \
  --header 'Authorization: Bearer xxx.xxx.xxx' \
  --header 'Accept: application/json'
```
Go
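```go
package main

import (
	"log"
	"net/http"
)

func main() {
	url := "https://rest.rafiki-api.com/v1/banks"
	req, err := http.NewRequest("GET", url, nil)
	if err != nil {
		log.Fatal(err)
	}
	req.Header.Add("Accept", "application/json")
	req.Header.Add("Authorization", "Bearer xxx.xxx.xxx")
	res, err := http.DefaultClient.Do(req)
	if err != nil {
		log.Fatal(err)
	}
	defer res.Body.Close() // always release the connection
	log.Println(res.Status)
	// ....
}
```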
Rust
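```rust
// Requires the reqwest crate with its "blocking" feature enabled.
extern crate reqwest;

fn main() {
    let url = "https://rest.rafiki-api.com/v1/banks";
    let client = reqwest::blocking::Client::new();
    // `res` is a Result; handle the error case before using the response.
    let res = client
        .get(url)
        .header("Accept", "application/json")
        .header("Authorization", "Bearer xxx.xxx.xxx")
        .send();
    // ...
}
```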
Java
```java
import java.net.HttpURLConnection;
import java.net.URL;

public class Main {
    public static void main(String[] args) throws Exception {
        String url = "https://rest.rafiki-api.com/v1/banks";
        URL obj = new URL(url);
        HttpURLConnection con = (HttpURLConnection) obj.openConnection();
        con.setRequestMethod("GET");
        con.setRequestProperty("Accept", "application/json");
        con.setRequestProperty("Authorization", "Bearer xxx.xxx.xxx");
        // ...
    }
}
```
Scopes
To enhance security, our system lets you tailor the permissions and access level of each key. Each module of your application can therefore use a key whose permissions match only the tasks that module performs.
Our web portal lets you define the scopes for each key when you create it. Allocate permissions responsibly, granting only what is essential for the intended use.
The table below lists the operations available on each resource and the scopes required to execute them.
| Operations | Required scopes |
|---|---|
| Create payout | payout:write, payment-account:write |
| Get payout, List payouts | payout:read |
| Create payment accounts | payment-account:write |
| List payment accounts | payment-account:read |
| List wallets | wallet:read |
| List banks | bank:read |
| Get lookups | lookup:read |
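
One way to check a key against the table above before deploying a module, as an added example (not code from this API's documentation or SDK): `AuditKey` and `diff` are hypothetical helper names, the operation names are copied from the table, and the key's granted scopes in `main` are constructed sample input.

```go
package main

import (
	"fmt"
	"sort"
)

var requiredScopes = map[string][]string{ // mirrors the operations/scopes table above
	"Create payout":           {"payout:write", "payment-account:write"},
	"Get payout":              {"payout:read"},
	"List payouts":            {"payout:read"},
	"Create payment accounts": {"payment-account:write"},
	"List payment accounts":   {"payment-account:read"},
	"List wallets":            {"wallet:read"},
	"List banks":              {"bank:read"},
	"Get lookups":             {"lookup:read"},
}

// diff returns, sorted, the scopes set in a but not in b.
func diff(a, b map[string]bool) (out []string) {
	for s := range a {
		if !b[s] {
			out = append(out, s)
		}
	}
	sort.Strings(out)
	return out
}

// AuditKey returns scopes the key lacks (missing) and holds needlessly (excess).
func AuditKey(granted, operations []string) (missing, excess []string, err error) {
	needed, have := map[string]bool{}, map[string]bool{}
	for _, op := range operations {
		scopes, ok := requiredScopes[op]
		if !ok {
			return nil, nil, fmt.Errorf("unknown operation %q", op)
		}
		for _, s := range scopes {
			needed[s] = true
		}
	}
	for _, s := range granted {
		have[s] = true
	}
	return diff(needed, have), diff(have, needed), nil
}

func main() {
	fmt.Println(AuditKey([]string{"payout:read", "wallet:read"}, []string{"List payouts", "List banks"})) // constructed input
}
```

A non-empty `excess` list means the key can do more than the module needs and should be regenerated with fewer scopes; a non-empty `missing` list means the module's requests would be rejected.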