Authentication
Beam API authenticates your requests to ensure that they really come from you.
All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail with the relevant error being returned to you.
You need to provide one of three types of key, depending on who you are and which API you call.
Merchant API Key
The Merchant API Key is used when you make a request from the server side.
Authentication to the API is performed via HTTP Basic Auth. In the username and password fields, provide the following:
- Username - Provide your Merchant ID
- Password - Provide your Merchant API Key
Your Merchant API Key can be self-managed through your account in Lighthouse under the Developers section.
Please DO NOT share your Merchant API keys in any publicly accessible places such as GitHub, GitLab, BitBucket, on your client-side code, and so on.
Here is an example of Merchant API key usage to create a charge:
POST /api/v1/charges
Authorization: Basic <merchantId> <secretKey>
(create charge request body)
{
...
}
Partner API Key
If you are a partner that wants to make a request for a merchant under you, please use the Partner API Key to make the request from your server.
Authentication to the API is performed via HTTP Basic Auth. In the username and password fields, provide the following:
- Username - Provide your Merchant ID
- Password - Provide your Partner API Key
You also need to provide your Beam Partner ID in the header X-Beam-Partner-ID.
Your Partner API Key can be self-managed through your account in Bridge under the Merchants > API Keys section.
Please DO NOT share your Partner API keys in any publicly accessible places such as GitHub, GitLab, BitBucket, on your client-side code, and so on.
Here is an example of Partner API key usage to create a charge:
POST /api/v1/charges
X-Beam-Partner-ID: <partnerId>
Authorization: Basic <merchantId> <secretKey>
(create charge request body)
{
...
}
Publishable Key
The Publishable Key is used when you make a request from the client side to API endpoints with the /client prefix, for example the Card Tokenization API.
You can find your publishable key in the same place as your API Key in Lighthouse.
Publishable Key is safe to be shared.
Here is an example of publishable key usage to create a card token:
POST /client/v1/card-tokens
Authorization: Basic <merchantId> <publishableKey>
{
"pan": "<...>",
"cardHolderName": "<...>",
"expiryYear": ...,
"expiryMonth": ...
}
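Added example (not part of the Beam documentation) for the Merchant and Partner API Key sections above: it builds the server-side request headers the way HTTP Basic Auth (RFC 7617) encodes them, as base64 of "username:password", refuses non-HTTPS URLs, and reads the key from the environment instead of source code. The function names, the environment variable names, the JSON content type and the host api.example.invalid are assumptions made for illustration.

```python
import base64
import os
import urllib.request
from urllib.parse import urlsplit


def basic_auth_value(merchant_id: str, api_key: str) -> str:
    """Authorization value per RFC 7617: 'Basic ' + base64(username ':' password)."""
    if ":" in merchant_id:
        raise ValueError("Basic Auth username must not contain ':'")
    token = base64.b64encode(f"{merchant_id}:{api_key}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def build_charge_request(base_url, merchant_id, api_key, body: bytes, partner_id=None):
    """Build (without sending) POST /api/v1/charges with server-side credentials."""
    if urlsplit(base_url).scheme != "https":
        # Over plain HTTP the credential would cross the network in the clear.
        raise ValueError("Beam API requests must use HTTPS")
    headers = {
        "Authorization": basic_auth_value(merchant_id, api_key),
        "Content-Type": "application/json",  # assumed: JSON body as in the page's example
    }
    if partner_id is not None:
        # Partner calls also identify the partner in this header.
        headers["X-Beam-Partner-ID"] = partner_id
    return urllib.request.Request(
        base_url.rstrip("/") + "/api/v1/charges",
        data=body, headers=headers, method="POST",
    )


def credentials_from_env():
    """Read credentials from the environment so the key never lives in source control."""
    # BEAM_MERCHANT_ID and BEAM_API_KEY are assumed variable names.
    return os.environ["BEAM_MERCHANT_ID"], os.environ["BEAM_API_KEY"]


if __name__ == "__main__":
    # Constructed sample values; api.example.invalid is a placeholder host.
    req = build_charge_request("https://api.example.invalid", "merchant123",
                               "sk_constructed", b"{}", partner_id="partner456")
    print(req.full_url, sorted(req.header_items()))
```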