Authentication & Authorization
The Flexiown.Platform.Payments API uses API keys for authentication. To access the API, you must include your API key in the header of each request.
API Key
Obtaining an API Key
To obtain an API key, please contact the Flexiown.Platform.Payments support team or follow the instructions provided in your account dashboard.
Using the API Key
Include your API key in the header of each request to the API using the api-key header field. For example:
api-key: your_api_key_here
Replace your_api_key_here with your actual API key.
Protecting Your API Key
Your API key is sensitive information and should be treated like a password. To keep your API key secure, follow these best practices:
- Do not share your API key with anyone.
- Do not include your API key in client-side code or public repositories.
- Use a secure method to store your API key, such as environment variables or a secrets management service.
- Regularly review and rotate your API keys.
If you believe your API key has been compromised, contact the Flexiown.Platform.Payments support team immediately to request a new API key and invalidate the old one.
Trust Signature
When communicating with the API about a specific payment, you must include the original trust seed and trust value in the payload of each request. They must be the same values that were used to create the payment. We turn these values into the trust signature and use it to verify that the request is coming from a trusted source.
The API key is still required in the header of each request, in addition to the trust seed and trust value in the payload. The trust signature will be included in the payload of the request. The client will need to store the trust signature for each payment, and also use it to verify data from the API.
Rate Limiting
The Flexiown.Platform.Payments API may enforce rate limiting to ensure fair usage and protect the service from abuse. If you exceed the allowed number of requests per minute, the API will return a 429 Too Many Requests HTTP status code. In this case, you should wait for a short period before making additional requests.
To avoid hitting rate limits, consider implementing caching, exponential backoff, and request throttling in your application.
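The following is an added example, not code from the Flexiown.Platform.Payments documentation or SDK: it loads the key from an environment variable, sends it in the api-key header, and retries only on 429 with capped exponential backoff and jitter. The variable name FLEXIOWN_API_KEY, the caller-supplied `send` transport (which returns response headers as a dict), and the possibility that a 429 carries a Retry-After header are assumptions.

```python
import os
import random
import time

API_KEY_ENV = "FLEXIOWN_API_KEY"  # assumed variable name; the docs do not define one


def auth_headers(environ=os.environ):
    """Build the api-key header from the environment so the key never sits in source."""
    key = environ.get(API_KEY_ENV, "").strip()
    if not key:
        raise RuntimeError(f"{API_KEY_ENV} is not set")
    return {"api-key": key}


def backoff_delay(attempt, retry_after=None, base=1.0, cap=60.0, rng=random.random):
    """Seconds to wait before the retry that follows 0-based `attempt`."""
    if retry_after is not None:  # assumption: a 429 may carry Retry-After in seconds
        try:
            return min(cap, max(0.0, float(retry_after)))
        except ValueError:
            pass  # HTTP-date or malformed value: fall back to the computed delay
    return rng() * min(cap, base * 2 ** attempt)  # capped exponential, full jitter


def call_with_backoff(send, headers, max_attempts=5, sleep=time.sleep, **delay_opts):
    """Call send(headers) -> (status, response_headers, body); retry only on 429."""
    for attempt in range(max_attempts):
        status, resp_headers, body = send(headers)
        if status != 429:
            return status, body
        if attempt + 1 < max_attempts:
            sleep(backoff_delay(attempt, resp_headers.get("Retry-After"), **delay_opts))
    raise RuntimeError(f"still rate limited after {max_attempts} attempts")


if __name__ == "__main__":
    # Constructed responses standing in for the real HTTP transport.
    canned = iter([(429, {"Retry-After": "1"}, ""), (429, {}, ""), (200, {}, "{}")])
    headers = auth_headers({API_KEY_ENV: "constructed-demo-key"})
    print(call_with_backoff(lambda h: next(canned), headers, base=0.1))
```

Wrap your HTTP client in `send` so that the header dictionary is passed to the request but never written to logs or error messages.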
Now that you know how to authenticate your requests, proceed to the Base URL & Versioning section to learn about the API's base URL and versioning scheme.