Learn our API Authentication Methods
Security is paramount at PayGlocal. We keep our API resources protected by utilising industry standard authentication and authorization protocols. PayGlocal Keys are used during authentication. Authentication ensures only PayGlocal onboarded entities are allowed to access resources and hence it becomes imperative for the merchant to store their secrets in a secure manner. For API based integration we provide two modes of authentication which are discussed below.
API Key based Authentication
To get started with this authentication mechanism please follow the steps below:
1 Download your API key from the GCC portal. (Refer the GCC Dashboard section).
2 Pass your API key in the HTTP request header with the key as x-gl-auth.
An example curl request is given below for better understanding.
curl --request GET \
--url https://api.uat.payglocal.in/gl/v1/payments/{$GID}/status \
--header 'accept: application/json' \
--header 'x-gl-auth: your_api_key'
| Questions | Answers |
|---|---|
| What services is this applicable for? | API Key based authentication can only be utilised for PayCollect, Status and Refund APIs. |
| What are the Pros? | It is easy to implement and secure resulting in minimum integration turn around time. |
JWT based Authentication
To get started with this authentication scheme, please connect with our integration team. We will provide you with all the support and SDKs required to get your JWT based authentication in place. This schema utilises the asymmetric and symmetric keys in our system. To read more about JWT, check out this RFC.
| Questions | Answers |
|---|---|
| What services is this applicable for? | JWT based authentication can be utilised for ALL APIs. |
| What are the Pros? | It provides data integrity, non-repudiation and confidentiality of the data sent via a HTTPS channel. |