To safeguard our API against unauthorized access, we employ the widely recognized and secure HTTP header Authorization: Bearer {apikey}.

In the header, you are required to include an API key generated from our web portal to enable programmatic access to our web services. You have the flexibility to generate as many keys as necessary for your usage.

Examples

API Key = xxx.xxx.xxx

Raw HTTP

GET /v1/banks HTTP/1.1
Host: rest.rafiki-api.com
Authorization: Bearer xxx.xxx.xxx
Accept: application/json

Curl://

curl --request GET \
     --url https://rest.rafiki-api.com/v1/banks \
     --header 'Authorization: Bearer xxx.xxx.xxx' \
     --header 'Accept: application/json'

Go

package main

import (
    "net/http"
)

func main() {

	url := "https://rest.rafiki-api.com/v1/banks"

	req, _ := http.NewRequest("GET", url, nil)

	req.Header.Add("Accept", "application/json")
	req.Header.Add("Authorization", "Bearer xxx.xxx.xxx")

	res, err := http.DefaultClient.Do(req)

	// ....
}

Rust

extern crate reqwest;

fn main() {
    let url = "https://rest.rafiki-api.com/v1/banks";

    let client = reqwest::blocking::Client::new();
    let res = client
        .get(url)
        .header("Accept", "application/json")
        .header("Authorization", "Bearer xxx.xxx.xxx")
        .send();

    // ...
}

Java

import java.net.HttpURLConnection;
import java.net.URL;

public class Main {
    public static void main(String[] args) throws Exception {
        String url = "https://rest.rafiki-api.com/v1/banks";
        URL obj = new URL(url);
        HttpURLConnection con = (HttpURLConnection) obj.openConnection();

        con.setRequestMethod("GET");
        con.setRequestProperty("Accept", "application/json");
        con.setRequestProperty("Authorization", "Bearer xxx.xxx.xxx");

        // ...
    }
}

Scopes

To enhance security, our system enables you to finely tailor different permissions and access levels for each key. This implies that your application's modules have the option to utilize keys with permissions specifically tailored to their respective tasks.

Our web portal enables you to define scopes for each key when creating them. To prioritize security, please ensure responsible allocation of permissions, granting only what is essential for the intended use.

The table below outlines the resources' available operations and the corresponding scopes necessary to execute such operations.

Operations	Required scopes
Create payout	payout:write, payment-account:write
Get payout, List payouts	payout:read
Create payment accounts	payment-account:write
List payment accounts	payment-account:read
List wallets	wallet:read
List banks	bank:read
Get lookups	lookup:read
Create statement	statement:write
Get statement, List statement lines	statement:read