Basic Authentication



What is Basic Auth?


Basic authentication is a means of uniquely and securely identifying the POLi merchant by the use of a Merchant code / Authentication code pair.
Basic Authentication is an HTTP standard. Please see: Basic Authentication RFC

Is it secure?


The BA mechanism provides no confidentiality protection for the transmitted credentials. They are merely encoded with Base64 in transit, but not encrypted or hashed in any way. Basic Authentication must therefore be used over HTTPS.

How do I use it?


To use Basic Authentication with POLi, you need to format a string like so:

MerchantCode:AuthenticationCode

Then Base64 encode it:

TWVyY2hhbnRDb2RlOkF1dGhlbnRpY2F0aW9uQ29kZQ==

And put it as the 'Authorization' header, with the word 'Basic' infront of it:

Authorization: Basic TWVyY2hhbnRDb2RlOkF1dGhlbnRpY2F0aW9uQ29kZQ==

Now, you'll automatically authenticate against our API whenever you make a request. Be sure to include this header whenever communicating to our POLi API.

basicauth.txt · Last modified: 2017/10/24 10:03 (external edit)