This guide provides steps on how to authenticate your API calls by making use of the API keys made available to the user.

For authentication requests to the Waza API, the API keys gotten from the dashboard are to be used. All requests must be made over HTTPS and authenticated by passing your SANDBOX or LIVE (PRODUCTION) API key in the header.

You can view and manage your API keys on the Waza Dashboard.

API keys must be passed in the x-waza-key custom request header. Sandbox mode keys have the prefix waza_sk_test_ and live mode keys have the prefix waza_sk_live_.

Here's the format for authenticating requests to Waza:

curl --request GET \
     --url '<base-url>/v2/orders?page=1&limit=10' \
     --header 'accept: application/json' \
     --header 'x-waza-key: <your-secret-key>'

API keys must always be kept secret

They should not be in your client-side code or checked into your application's code or committed to git.

All API requests must be made over HTTPS.



An invalid, missing or expired api key will result in HTTP 401 Unauthorized responses.

What’s Next