Authentication
Learn how to authenticate to Meld and protect your API keys
Overview
Meld uses API keys to authenticate requests. These keys carry many privileges such as authorizing payments and accessing financial accounts data. It is important to keep them private and secure during both storage and transmission.
Authentication is handled via HTTP headers, and the Authorization header.
curl --location --request \
GET 'https://api.meld.io/<ENDPOINT>' \
--header 'Authorization: BASIC {{Your API Key}}'
"BASIC" AuthorizationWhen submitting your API key for authentication, you must specify "BASIC " before the key value pair.
To help keep your API keys secure, follow these best practices:
-
Do not embed API keys directly in code, because it can be accidentally exposed to the public. Instead of embedding your API keys in your applications, store them in environment variables or in files outside of your application's source tree.
-
Do not store your API keys in files inside your application's source tree. If you must store API keys in files, keep the files outside your application's source tree to ensure your keys do not end up in your source code control system, especially if you use a public source code management system such as GitHub.
-
Delete unneeded API keys to minimize exposure to attacks.
-
Review your code before publicly releasing it. Ensure that your code does not contain API keys or any other private information before you make your code publicly available.
Updated 2 months ago