API & Apps Authentication
  • Updated on 20 Jul 2020

Creating an API Account

With API access rights enabled for your tenant, creating an API account is as simple as creating a user. In fact, you can grant API access to any existing user in the system, but it is preferable to create a new user dedicated to your APIs so that the transaction audit trail is clearer.

Creating a new user screen with important areas for authentication highlighted in red

Please Note
If you have Federated Authentication enabled, in order to create a new API user, please go through this flow: Creating API users once Federated Authentication is enabled

Basic Auth

Mambu uses Basic Authentication for authorizing all API calls. A username and password are specified with each request and verified on the server. To ensure the username and password cannot be intercepted, all requests must use HTTPS.

Permissions

API accounts must be granted permissions to perform individual actions (such as making deposits, viewing clients, and so on) just like regular user accounts. An administrator or a user with the right permissions can enable and disable various permissions for the API access.

Using HTTPS

HTTPS must be used for all communications. This ensures that both your requests (with the username and password) and the data returned (such as client and account information) are encrypted, which prevents eavesdropping on, tampering with, or forging the contents of the communication.
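To illustrate the Basic Auth and Using HTTPS sections above, the following Python sketch is an added example, not Mambu's own code. It shows that a Basic Authentication header is only Base64-encoded (so anyone who sees it can recover the password) and how a client can refuse to attach credentials to anything other than an HTTPS URL. The host, path and credentials are constructed placeholders.

```python
import base64
import urllib.request
from urllib.error import URLError
from urllib.parse import urlsplit

def basic_auth_header(username: str, password: str) -> str:
    """Build the Authorization header value for HTTP Basic Authentication."""
    if ":" in username:
        raise ValueError("username must not contain ':' in Basic Authentication")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"

def decode_basic_auth(header_value: str) -> tuple[str, str]:
    """Recover the credentials from a header value: Base64 is encoding, not encryption."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    username, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return username, password

def require_https(url: str) -> str:
    """Reject any URL that would send credentials outside TLS."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "https" or not parts.hostname:
        raise ValueError(f"refusing to send credentials to non-HTTPS URL: {url!r}")
    return url

class HttpsOnlyRedirects(urllib.request.HTTPRedirectHandler):
    """Refuse redirects that would replay the request over plain HTTP."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        try:
            require_https(newurl)
        except ValueError as exc:
            raise URLError(str(exc)) from exc
        return super().redirect_request(req, fp, code, msg, headers, newurl)

def build_request(url: str, username: str, password: str) -> urllib.request.Request:
    """Create (but do not send) an authenticated request; HTTPS is enforced first."""
    req = urllib.request.Request(require_https(url))
    req.add_header("Authorization", basic_auth_header(username, password))
    return req

# Opener to use when actually sending: urllib verifies TLS certificates by default.
opener = urllib.request.build_opener(HttpsOnlyRedirects())

# Constructed sample values: placeholder host and credentials, not real Mambu ones.
SAMPLE_URL = "https://tenant.example.invalid/api/resource"
SAMPLE_USER, SAMPLE_PASSWORD = "api-user", "s3cret:with-colon"
```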
