Skip to main content

Authentication

The Credit App API uses API keys to provide secure access to our services. API keys are unique identifiers that allow you to authenticate your requests to our API. To obtain an API key please contact the credit app support team.

API Keys

Credit App currently issues 3 types of API Keys:

  • Retailer API Keys
    • These keys allow a specific retailer to call the API
  • Creditor API Keys
    • These keys allow a specific creditor to call the API
  • Integration API Keys
    • These keys allow an integration partner to call the API on behalf of retailers or creditors that have enabled the integration

Process Overview

The authentication process is as follows:

  1. Add your API key to the Authorization header in the form: Bearer <API Key> replacing <API Key> with the key you received from Credit App

  2. (Retailer/Creditor API Keys MUST skip this step) Integration API Keys making calls on behalf of a specific retailer MUST add the following header to each request: X-CREDITAPP-RETAILER-ID with the ID of the retailer as the value. And when they want to make calls on behalf of specific creditors they MUST add this header to each request: X-CREDITAPP-CREDITOR-ID with the ID of the creditor as the value. NOTE: The retailer/creditor must have enabled your integration in order to make calls on their behalf.

Scopes

Scopes are used to limit the access of an access token to specific resources. The Credit App API uses the following scopes:

  • Retailer: This scope is used to access retailer specific resources.
    • Retailer API Keys get this scope
    • Integrations act in the retailer scope when passing the X-CREDITAPP-RETAILER-ID header
  • Creditor: This scope is used to access creditor specific resources.
    • Creditor API Keys get this scope
    • Integrations act in the creditor scope when passing the X-CREDITAPP-CREDITOR-ID header
  • Integration: This scope is used to perform actions on behalf of the integration itself. (Ex: enabling your integration for a retailer)