Medici Bank API
Medici Bank API

Authentication

The MBAPI uses three main forms of credential verification for secure authentication.

  1. API Keys
  2. HMAC Signatures
  3. Authorization Tokens

API Keys

When you sign up for an account, you will be granted your own unique set of API credentials. The two main credentials you will need is the Medici Bank API Key MBAPI-KEY and the Medici Bank API Token MBAPI-TOKEN.

Your key is public and should be passed along within your API call headers. (More on Headers later). You token is private and should not be passed along (or exposed) in any public setting. Failure to do so can allow for a hacker to create API requests on your behalf. Your account will be suspended if a breach or unexpected activity is detected on your account.

HMAC Signature

In order to secure each request, we enforce that each call be sent as a Hash-based Message Authentication Code or HMAC Signature. For more on how to construct the HMAC signature, go to Making Requests.

Authorization Tokens

As a third layer of security, we require users of the API to create a MBAPI-AUTHTOKEN via our /authenticate API call. Tokens expire after 15 minutes and you would pass the token via the Authorization Header.

Authorization: Bearer MBAPI-TOKEN

Next, we will look at the API Methods we allow…

Medici Bank International © 2019. All Rights Reserved.