API & Apps Authentication
- Updated on 04 Feb 2019
- 1 minute to read
Creating an API Account
With APIs enabled for your tenant, creating an API account is as simple as creating a user. In fact, you can simply grant API access to any existing user in the system, but it's preferable to create a new user just for your APIs for a more clear transaction audit trail.
Mambu uses Basic Authentication for authorizing all API calls. A username and password is specified with each request and is verified on the server. To ensure the username and password cannot be intercepted, all requests must use HTTPS.
API accounts must be granted permissions to perform individual actions (such as making deposits, viewing clients, etc) just like normal users. Clicking the 'Permissions' button will allow the administrator to enable and disable various permissions for the API access
HTTPS must be used for all communications. This ensures that both your requests (with the username and password) as well as the data returned (such as client and account information) is encrypted to prevent eavesdropping, tampering or forging of the contents of the communication.