Authorization

To ensure secure client-server communication, every API call should be authorized. Out of the various Authorization methods available, Midtrans uses BASIC AUTH. The format for BASIC AUTH is Username:Password. With BASIC AUTH, the API key can be passed as either the Username or the Password. For Midtrans, the API key is passed as the Username, paired with an empty value for the Password. The resulting string is then encoded into Base64 format and used as the authorization header.



Authorization Header


The Midtrans authorization header follows the HTTP(S) BASIC AUTH convention. It uses the Merchant Server Key as the Username and a blank value for the Password.


Authorization Header Example


To get the authorization header, follow the steps given below.

  1. Get the Server Key.
    The Server Key is unique for the Sandbox environment and the Production environment. To obtain the respective Server Key, follow the links given below.

  2. Replace Username and Password.
    The BASIC AUTH format is Username:Password. Replace Username with Server Key and leave Password blank.
    So, this results in a string {Your_Server_Key}:.

  3. Encode the resulting string to Base64 format.

  4. Include this Base64 encoded string in the HTTP(S) header. Prepend the authorization method (Basic) and a space ( ) to the encoded string. The authorization header is as given below:

    Authorization: Basic [Base64({Your_Server_Key}:)]


For an example key, refer to the table given below.

    Server Key          SB-Mid-server-abc123cde456
    BASIC AUTH format   SB-Mid-server-abc123cde456:
    Base64              U0ItTWlkLXNlcnZlci1hYmMxMjNjZGU0NTY6
    Authorization       Basic U0ItTWlkLXNlcnZlci1hYmMxMjNjZGU0NTY6

Note

Remember to append : to the Server Key before passing it to the Base64 encoder.

The Authorization Header given in the example is for reference only. Please use your own Sandbox/Production Server Key to create your API key.

The API keys for Sandbox and Production are different. When going live, generate new API Keys to access the live endpoints.
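
The steps above as an added Python example (not Midtrans's own code): it builds the header, checks an existing header value for the missing-colon mistake the note warns about, and produces a log-safe form, because Base64 is reversible and the header therefore exposes the Server Key. The function names are illustrative assumptions; the key is the example key from the table.

```python
import base64

EXAMPLE_KEY = "SB-Mid-server-abc123cde456"  # example key from the table, not a real key


def build_auth_header(server_key: str) -> str:
    """Steps 2-4: '<server_key>:' -> Base64 -> 'Basic <encoded>'."""
    if not server_key or ":" in server_key or server_key != server_key.strip():
        raise ValueError("server key must be non-empty, with no ':' or stray whitespace")
    token = base64.b64encode(f"{server_key}:".encode("ascii")).decode("ascii")
    return f"Basic {token}"


def diagnose_header(value: str) -> str:
    """Classify an Authorization header value against the format described above."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return "not-basic"
    try:
        decoded = base64.b64decode(token, validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return "bad-base64"
    username, sep, password = decoded.partition(":")
    if not sep:
        return "missing-colon"  # key was encoded without the trailing ':'
    if password:
        return "password-not-empty"  # the Password part must stay blank
    return "ok" if username else "empty-key"


def redact_header(value: str) -> str:
    """Log-safe form: the Base64 token decodes straight back to the Server Key."""
    scheme, _, token = value.partition(" ")
    return f"{scheme} [REDACTED {len(token)} chars]"


if __name__ == "__main__":
    header = build_auth_header(EXAMPLE_KEY)
    print("Authorization:", header)
    print("check:", diagnose_header(header))
    # Constructed bad input: the same key encoded without the ':' suffix.
    no_colon = "Basic " + base64.b64encode(EXAMPLE_KEY.encode("ascii")).decode("ascii")
    print("check:", diagnose_header(no_colon))
    print("for logs:", redact_header(header))
```

Treat the full header value like the Server Key itself: send it only over HTTPS and write only the redacted form to logs.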