The Magic API uses Basic authentication, a simple method for an HTTP user agent to provide a user name and password when making a request.

In basic HTTP authentication, a request contains a header field in the form of Authorization: Basic , where credentials is the Base64 encoding of ID and password joined by a single colon :

All API endpoints require this form of authentication. Failure to correctly authenticate an API request will result in a "401 Unauthorized" response.

Consider the following example.

Merchant Token

Secret Key



The Authorization header can then be formed by including the word Basic, followed by the base 64 string of "Demo:test"

Final result

Authorization: Basic ZGVtbzp0ZXN0