Authentication
Here's what you need to know to authenticate your requests when calling the Deck API
After accessing your keys from the Dashboard, you can choose which API server you wish to use.
There are 2 available:
- Live Deck API server
- Sandbox Deck API server
To use the Live Deck API you can raise the request for your client_id and Secret on your dashboard.
Take note of the Client ID and environment secret that you want to use. Those must be provided for authentication when calling the Deck API, through the usage of x-deck-client-id
and x-deck-secret
headers in your requests.
For example, if you want to connect with the Deck Sandbox API server, use your sandbox secret. If you want to connect with the Deck Live API server, use your development or production secret.
The Link widget can communicate with both servers and will use the one corresponding to the secret you've used for generating a Link_token.
As a best practice we recommend that every request sent to the Deck API that uses your client ID and secret be made from your backend in order to not leak your sensitive keys in a browser page.
Be sure to always use the type of secret corresponding to the API server you want to use. Using a development/production secret in a request to the Sandbox API or using a sandbox secret in a request to the Live API will result in a 401 Unauthorized.
Let's see how to generate a Link_token on the next page.
Updated about 2 months ago