API & Apps Authentication
- Updated on 20 Jul 2020
Creating an API Account
With API access rights enabled for your tenant, creating an API account is as simple as creating a user. In fact, you can grant API access to any existing user in the system, but it's preferable to create a new user just for your APIs so that the transaction audit trail is clearer.
Mambu uses Basic Authentication for authorizing all API calls. A username and password are specified with each request and verified on the server. To ensure the username and password cannot be intercepted, all requests must use HTTPS.
API accounts must be granted permissions to perform individual actions (such as making deposits, viewing clients, and so on) just like regular user accounts. An administrator or a user with the right permissions can enable and disable various permissions for the API access.
HTTPS must be used for all communications. This ensures that both your requests (with the username and password) and the data returned (such as client and account information) are encrypted, which prevents eavesdropping on, tampering with, or forging of the contents of the communication.
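The following added example (not Mambu's own code) shows why the HTTPS requirement matters for Basic Authentication: the header is only base64-encoded, so the client refuses any URL or redirect that would carry it over cleartext or to another host. The helper names and the `tenant.example` URL used in testing are hypothetical; only the Python standard library is used.

```python
import base64
import urllib.request
from urllib.parse import urlsplit


def basic_auth_header(username: str, password: str) -> str:
    """Encode credentials per RFC 7617. Base64 is reversible, not encryption."""
    if ":" in username:
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def require_https(url: str) -> str:
    """Reject any URL that would send the credentials in cleartext."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "https" or not parts.hostname:
        raise ValueError(f"refusing non-HTTPS URL: {url!r}")
    return url


class HttpsOnlyRedirects(urllib.request.HTTPRedirectHandler):
    """urllib forwards the Authorization header on redirects, so block any
    redirect that leaves HTTPS or the original host."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        require_https(newurl)
        if urlsplit(newurl).hostname != urlsplit(req.full_url).hostname:
            raise ValueError("refusing cross-host redirect with credentials")
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def build_api_request(url: str, username: str, password: str):
    """Build a request that carries the API user's credentials over HTTPS only."""
    req = urllib.request.Request(require_https(url))
    req.add_header("Authorization", basic_auth_header(username, password))
    return req


def open_api(url: str, username: str, password: str, timeout: float = 10):
    """Send the request; certificate verification stays at urllib's default (on)."""
    opener = urllib.request.build_opener(HttpsOnlyRedirects)
    return opener.open(build_api_request(url, username, password), timeout=timeout)
```

Load the dedicated API user's password from a secret store or environment variable rather than hard-coding it in the calling script.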