API Authorization and Authentication

Learn about the authentication and authorization process for Bureau APIs.

To ensure secure access to Bureau APIs, we require authentication and authorization for every request. This process verifies the identity of the sender and confirms their permission to perform the requested action.

📘

Secure API Requests

Ensure all API requests are made over HTTPS to prevent data interception.

API Gateway URLs

Below are Bureau's API Gateway URLs. You need to include this before each API endpoint to make API calls.

  • Test Mode: https://api.sandbox.bureau.id/
  • Live Mode: https://api.bureau.id/

Authentication Method: Basic Auth

We use Basic authentication for all API requests. To authenticate API requests, you'll need your API Credential ID and Credential Secret. These are available in your Bureau Dashboard.

Authorization Header Format

All API requests must include an Authorization header in the following format:

Authorization: Basic base64encoded_credentials

Here, base64encoded_credentials is a base64-encoded string of your API Credential ID and Credential Secret, separated by a colon (e.g., YOUR_CREDENTIAL_ID:YOUR_CREDENTIAL_SECRET).

Below are code snippets of how to send authorization in a few different languages.

--header 'Authorization: Basic base64encoded_credentials'
req.Header.Set("Authorization", "Basic "+encodedCredentials)


const options = {
  headers: {
    Authorization: 'Basic base64encoded_credentials'
  }
};
headers = {
    "Authorization": "Basic base64encoded_credentials"
}
curl_setopt_array($curl, [
  CURLOPT_HTTPHEADER => [
    "Authorization: Basic base64encoded_credentials"
  ],
]);

📘

Header Format

Strictly adhere to the specified header format. Invalid formats will result in authentication failures.

Following are a few examples of invlaid header formats: BASIC base64encoded_credentials, basic base64encoded_credentials, Basic "base64encoded_credentials" and Basic $base64encoded_credentials.