The Xfers API uses API keys to authenticate requests. You can view and manage your API keys and secrets in the Xfers Dashboard.

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

Authentication to the API is performed via HTTP Basic Auth (basic access authentication).

In the context of an HTTP transaction, basic access authentication is a method for an HTTP user agent (e.g. a web browser) to provide a user name and password when making a request. In basic HTTP authentication, a request contains a header field in the form of Authorization: Basic <credentials>, where credentials is the Base64 encoding of ID and password joined by a single colon :. In Xfers, ID will be your API KEY, and the password will be your API SECRET.

You can do this by following these steps:

  1. Get the API keys and corresponding secret keys from the Xfers Dashboard.
  2. Build a credential of the form "<api_key>:<secret_key>" by encoding it with Base64 format.
  3. Let's say your api_key=fred, secret_key=fred, then your credential will be ZnJlZDpmcmVk
# Directly use the headers for authentication 
curl \
  -H "Authorization: Basic ZnJlZDpmcmVk"
# Alternatively, you can directly use -u provided by cURL 
curl \
  -u 'fred:fred'

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.