To authorise the communication between your applications and Torus Mara, you'll need your API keys which can be generated or retrieved from the API keys tab on the Settings module of your Torus Mara dashboard .
Torus Mara authenticates your API requests using your account’s Bearer token and Public key and this should be kept confidential as it can perform any API request to Torus Mara without restriction.
Your API Keys 🔑
Every Torus Mara account has three sets of API keys namely :
- API Secret : This is a unique value specified by the fintech partner and it's strictly for the purpose of generating the other API keys.
- Public key : This key is used to encrypt your POST payload before making the request. For step-by-step process on encrypting your payload, kindly check Encryption Guide for details.
- Bearer Token : This key is meant solely to identify your account on Torus Mara. It can safely be published in places like your Frontend or Mobile app. This would generated upon configuration of your account for API by Torus Mara.
If you do not include your key when making an API request or use one that is incorrect, Torus Mara will return an appropriate error.
{
"status": 401,
"data": null,
"message": "error has occurred",
"error": {
"id": "850df52f-9101-4558-a252-9e80248ea598",
"details": "token is invalid/expired",
"message": "token supplied is invalid/expired"
}
}
The id parameter returned in the response of a failed request is the Error ID and should be utilized for appropriate tracking.
Authenticating your POST Requests.
| Key | Value |
|---|---|
| Authorization | The token retrieved from your dashboard would be passed here. |
| Signature | SHA256(Public key+reference) |
Reference
This is the ID provided in the request body uniquely identifying each transaction which is also used with the public key in creating the signature.
curl --location --request POST 'http://app.torusmara/api/v1/customer' \
--header 'Authorization: Bearer eyJidXNpbmVzc0lEIjoiOTIzYjJkZjUtNGE4OS00Y2ViLWIxNDgtYzJlNWFjNTJkMDRlIiwidXNlcklEIjoiMjQ4YmFhNDMtYzQ0Yi00ZjYwLWI2MWQtY2VlZjYwOThjNzg1Iiwia2V5Ijoib2xhcHJvZzEifQ==' \
--header 'Signature: a5dd115fb9dcf006972a8138cb715a3744929543808233700f4b72ed448874cd' \
--header 'Content-Type: application/json' \
--data-raw '{}
Authenticating your GET / PUT / DELETE / PATCH Requests.
| Key | Value |
|---|---|
| Authentication | The bearer token retrieved from your torus mara dashboard would be passed here. |
curl --location --request GET 'http://app.torusmara/api/v1/customer/transfers/3b142e5f-d123-46a3-8543-f1819701a8a2' \
--header 'Authorization: Bearer eyJidXNpbmVzc0lEIjoiOTIzYjJkZjUtNGE4OS00Y2ViLWIxNDgtYzJlNWFjNTJkMDRlIiwidXNlcklEIjoiMjQ4YmFhNDMtYzQ0Yi00ZjYwLWI2MWQtY2VlZjYwOThjNzg1Iiwia2V5Ijoib2xhcHJvZzEifQ=='