To ensure secure client server communication, every API call should be authorized. Out of the various Authorization methods available, Midtrans uses BASIC AUTH
. The format for BASIC AUTH is Username:Password
. Using BASIC AUTH, API key can be passed as either Username
or Password
. For Midtrans, API key is passed as the Username
, paired with an empty value for Password
. It is then encoded into Base64 format and used as the authorization header.
Authorization Header
The Midtrans authorization header follows HTTP(S) BASIC AUTH convention. It utilizes Merchant Server Key as Username
and blank value for Password
.
Authorization Header Example
To get the authorization header, follow the steps given below.
-
Get the Server Key.
The Server Key is unique for Sandbox environment and Production environment. To obtain the respective Server Key follow the links given below. -
Replace
Username
andPassword
.
The BASIC AUTH format isUsername:Password
. ReplaceUsername
with Server Key and leavePassword
blank.
So, this results in a string{Your_Server_Key}:
. -
Encode the resulting string to Base64 format.
-
Include this Base64 encoded string in the HTTP(S) header. Prepend the authorization method (
Basic
) and a space (Authorization: Basic [Base64({Your_Server_Key}:)]
For an example key, refer to the table given below.
Server Key | SB-Mid-server-abc123cde456 |
---|---|
BASIC AUTH format | SB-Mid-server-abc123cde456: |
Base64 | U0ItTWlkLXNlcnZlci1hYmMxMjNjZGU0NTY6 |
Authorization | Basic U0ItTWlkLXNlcnZlci1hYmMxMjNjZGU0NTY6 |
Note
Remember to include : to the Server Key before passing it to the Base64 encoder
The Authorization Header given in the example is for reference only. Please use your own Sandbox/Production Server Key to create your API key.
The API keys for Sandbox and Production are different. When going live, generate new API Keys to access the live endpoints.