Authentication
Authenticating your requests to the Bluerails API using your Organization ID and API Key.
All requests to the Bluerails API must be authenticated using your unique Organization ID and secret API key. Requests without valid authentication will fail with a 401 Unauthorized error.
We use standard HTTP Basic Authentication over HTTPS.
Using Your Credentials
For Basic Authentication with Bluerails:
- The Username is your ORGANIZATION_ID.
- The Password is your secret API_KEY.
You need to provide these credentials in the Authorization header for every API request.
Constructing the Header:
- Form the string ORGANIZATION_ID:API_KEY (your Organization ID, followed by a colon, followed by your secret API key).
- Base64 encode this string.
- Prepend Basic (with a space) to the Base64 encoded string.
Most HTTP clients and libraries have built-in support for Basic Authentication. You usually just need to provide the Organization ID as the username and the API key as the password.
API Key Types
You will have separate API keys (and potentially Organization IDs) for different environments:
- Test Credentials: Used for development and testing in the sandbox environment. Test API keys typically start with blue_test_sk_...
- Live Credentials: Used for production requests processing real transactions. Live API keys typically start with blue_live_sk_...
Ensure you use the correct Organization ID and API key corresponding to the environment you intend to interact with. Test credentials cannot be used for live transactions, and vice-versa.
Obtaining Your Credentials
You can find your Organization ID and generate/manage your API keys from the Bluerails Dashboard under the API settings or developer section.
Example Request (using cURL)
Here’s how you might make a request using curl, letting it handle the Basic Auth encoding:
Alternatively, manually encoding and setting the header:
- Get your Base64 encoded credentials: (Placeholder for command to generate base64 string from ORG_ID:API_KEY)
- Use the encoded string in the Authorization header: (Placeholder for curl command using -H Authorization: Basic)
- Keep your API keys confidential! Treat them like passwords. Your Organization ID is generally less sensitive, but the API key must be kept secret.
- Never share your secret keys in publicly accessible areas like GitHub repositories, client-side code, or public forums.
- Only grant access to API keys to those who need them.
- Consider rotating your API keys periodically for enhanced security. You can manage key rotation in the Bluerails Dashboard.
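The header construction, key prefixes and key-handling advice above, put together as an added shell example; it is not Bluerails' own code. The function names and the choice to pass the header through curl's stdin config are assumptions made here, the URL is supplied by the caller, and credentials are read from the ORGANIZATION_ID and API_KEY environment variables.

```shell
# Added example (not Bluerails' code): build the Basic header by hand and
# refuse to send a key whose prefix does not match the intended environment.

# Print "Basic <base64(org_id:api_key)>" for the given credentials.
basic_auth_header() {
  local org_id="$1" api_key="$2"
  # base64 may wrap long output at 76 columns; a header value must be one line.
  printf 'Basic %s' "$(printf '%s:%s' "$org_id" "$api_key" | base64 | tr -d '\n')"
}

# Classify a key by the prefixes listed under "API Key Types".
key_environment() {
  case "$1" in
    blue_test_sk_*) echo test ;;
    blue_live_sk_*) echo live ;;
    *)              echo unknown ;;
  esac
}

# GET a URL with credentials taken from the environment.
# Usage: bluerails_get <test|live> <url>   (hypothetical helper name)
bluerails_get() {
  local want="$1" url="$2" got
  : "${ORGANIZATION_ID:?set ORGANIZATION_ID}" "${API_KEY:?set API_KEY}"
  got=$(key_environment "$API_KEY")
  if [ "$got" != "$want" ]; then
    echo "refusing: key looks like '$got', expected '$want'" >&2
    return 1
  fi
  # Pass the header as a curl config on stdin so the secret never appears
  # in the process argument list, where other local users could read it.
  printf 'header = "Authorization: %s"\n' \
    "$(basic_auth_header "$ORGANIZATION_ID" "$API_KEY")" |
    curl --fail --silent --show-error --config - "$url"
}
```

Source the file, export the two variables from a secrets store rather than typing them into shell history, then call bluerails_get with the environment you intend and the endpoint URL.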