To interact with the Payfonte API, you need to authenticate your requests. Authorization is required for all API calls to ensure the security and integrity of the payment transactions. Payfonte uses industry-standard authentication mechanisms to protect your account and data.
Security
We strongly advised that the client-secret should not be used on any frontend application or saved in any frontend application storage as it grants an attacker full access to the client's data and resources on the platform.
Account
You can create an account in any environment you want to work with. We advise you create a sandbox account for testing purposes only as it doesn't scale for production workload.
PS: Default verification code on sandbox is 4777
Authorization
You can find your client-id and client-secret in the Settings > API Keys/Webhook section. These parameters should be passed in the headers only. The client-secret should not be used on any frontend application as it gives an attacker full access to your platform.
Client ID and Client Secret
Payfonte uses a combination client-id and client-secret keys for authentication. To obtain both keys, you need to create an account with Payfonte and generate your client-id and client-secret from the account settings. The client-secret acts as a secret token that authenticates your requests to Payfonte.
Using the Credentials
To include the client-id and client-secret in your API requests, you should include it as an HTTP header. The exact method for including the client-id and client-secret may vary depending on the API endpoint and the programming language or framework you are using. Here's an example of including the client-id and client-secret as an HTTP header:
//header of the request should contain:
curl --request POST \
--url http://baseURL/... \
--header 'Content-Type: application/json' \
--header 'client-id: <client-id>' \
--header 'client-secret: <client-secret>'
Replace with your actual client-id and with your actual client-secret obtained from Payfonte
Note: Keep your client-secret secure and do not share it with unauthorized parties. Treat it as a sensitive piece of information to protect the integrity and security of your payment transactions.