Authentication & Access

Header-Based Authentication

Authentication is performed by the use of HTTP headers.

Provide your API Key as the full value of the Authorization HTTP header.

The API Key identifies the merchant account associated with the transaction. However, if a merchant has multiple locations in their account - some calls (and notably the validation and redemption calls) will require a location to be specified (in the organizationID field).

API Key Access Levels

API Keys are granted 1 of 2 access levels:

1. Account Integrator
   1. Allows integration to act on behalf of a specific merchant account and may allow read/write capabilities to sensitive information related to that account.
   2. Locations within the account must be associated to the key (by Gift Local support team) to make them accessible when using the API Key.
2. System Integrator
   1. Allows integration to perform operations not associated to a specific merchant account.
   2. May allow read / write to non-sensitive (ie public) information about numerous merchant accounts.

Keep your API Keys Secret

Your API Key is like a password and exposure could lead to unwanted access of your data. It is intended for server-to-server communication only. We will deliver your production API Key(s) to you via a secure link. Please store them someplace secure after receipt and never share them unencrypted or include them in client side code.