For authentication requests to the Waza API, the API keys gotten from the dashboard are to be used. All requests must be made over HTTPS and authenticated by passing your SANDBOX or LIVE (PRODUCTION) API key in the header.
You can view and manage your API keys on the Waza Dashboard.
API keys must be passed in the
x-waza-key custom request header. Sandbox mode keys have the prefix
waza_sk_test_ and live mode keys have the prefix
Here's the format for authenticating requests to Waza:
curl --request GET \ --url '<base-url>/v2/orders?page=1&limit=10' \ --header 'accept: application/json' \ --header 'x-waza-key: <your-secret-key>'
API keys must always be kept secret
They should not be in your client-side code or checked into your application's code or committed to git.
All API requests must be made over HTTPS.
An invalid, missing or expired api key will result in HTTP 401 Unauthorized responses.
Updated about 2 months ago