Authentication

Beam API authenticates your requests to ensure that they really come from you.

Authentication to the API is performed via HTTP Basic Auth. In the username and password fields, provide the following:

Username - Provide your Beam Merchant ID
Password - Provide your Beam API Key

Your Beam API Key can be self-managed through your account in Lighthouse under the Developers section.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail with the relevant error being returned to you.

There are two types of API key that serve different purposes.

Publishable Key

Publishable Key is used when you make a request from client side, for example card tokenization API.

NOTE
Publishable Key is safe to be shared.

Here is an example of publishable key usage to create a card token:

POST /client/v1/card-tokens
Authorization: Basic <merchantId> <publishableKey>

{
    "pan": "<...>",
    "cardHolderName": "<...>",
    "expiryYear": ...,
    "expiryMonth": ...
}

Secret Key

Secret Key is used when you make a request from the server side. Most of our APIs are authenticated in this manner unless stated otherwise.

CAUTION
Please DO NOT share your secret API keys in any publicly accessible places such as GitHub, GitLab, BitBucket, on your client-side code, and so on.

Here is an example of secret key usage to create a charge:

POST /api/v1/charges
Authorization: Basic <merchantId> <secretKey>

(create charge request body)
{
    ...
}

Authentication

Beam API authenticates your requests to ensure that they really come from you.

Authentication to the API is performed via HTTP Basic Auth. In the username and password fields, provide the following:

Username - Provide your Beam Merchant ID

Password - Provide your Beam API Key

Your Beam API Key can be self-managed through your account in Lighthouse under the Developers section.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail with the relevant error being returned to you.

There are two types of API key that serve different purposes.

Publishable Key

Publishable Key is used when you make a request from client side, for example card tokenization API.

NOTE

Publishable Key is safe to be shared.

Here is an example of publishable key usage to create a card token:

POST /client/v1/card-tokens Authorization: Basic <merchantId> <publishableKey> { "pan": "<...>", "cardHolderName": "<...>", "expiryYear": ..., "expiryMonth": ... }

Secret Key

Secret Key is used when you make a request from the server side. Most of our APIs are authenticated in this manner unless stated otherwise.

CAUTION

Please DO NOT share your secret API keys in any publicly accessible places such as GitHub, GitLab, BitBucket, on your client-side code, and so on.

Here is an example of secret key usage to create a charge:

POST /api/v1/charges Authorization: Basic <merchantId> <secretKey> (create charge request body) { ... }