API & Apps Authentication
  • Updated on 04 Feb 2019
  • 1 minute to read
  • Print
  • Share
  • Dark
    Light

API & Apps Authentication

  • Print
  • Share
  • Dark
    Light

Creating an API Account

With APIs enabled for your tenant, creating an API account is as simple as creating a user. In fact, you can simply grant API access to any existing user in the system, but it's preferable to create a new user just for your APIs  for a more clear transaction audit trail.
 
Creating a new user screen with important areas for authentication highlighted in red

Please Note
If you have Enabled Federated Authentication, in order to create a new API user, please go through this flow: Creating API users once Federated Authentication is enabled

Basic Auth

Mambu uses Basic Authentication for authorizing all API calls. A username and password is specified with each request and is verified on the server. To ensure the username and password cannot be intercepted, all requests must use HTTPS.

Permissions

API accounts must be granted permissions to perform individual actions (such as making deposits, viewing clients, etc) just like normal users. Clicking the 'Permissions' button will allow the administrator to enable and disable various permissions for the API access

Using HTTPS

HTTPS must be used for all communications. This ensures that both your requests (with the username and password) as well as the data returned (such as client and account information) is encrypted to prevent eavesdropping, tampering or forging of the contents of the communication.

Was this article helpful?