Authentication

API Keys

This section describes what API keys are and how to retrieve them.

Monnify authenticates your API requests using your account’s API keys. If you do not include your key when making an API request or use one that is incorrect or outdated, Monnify will return an error.

All API requests exist in either test or live mode, and one mode cannot be manipulated by data in the other. To get your live and test API keys, sign up here.

We use two types of API keys on Monnify: API Keys and Secret Keys.

Credential | Description
API Key | This is required together with your secret key to generate your basic token
Secret Key | This should be kept confidential and only stored on your own servers. Your account’s secret API key can perform any API request to Monnify without restriction. The secret key is used to authorize all your API calls on Monnify.

How to Obtain your API Keys

Your API keys are available on your Monnify Dashboard. You can find them by following the steps below:

  • Log in to your Monnify dashboard.

  • Navigate to settings.

  • Select API Keys and Webhooks on the settings tab.

  • The image below shows you where your unique API Key and Secret Key are located.

You can get your credentials for both live mode and test mode by toggling the switch between the two modes. See sample below:

Generating New API Keys

In cases where your API keys have been compromised, you can easily generate new API keys. Simply click the 'Reset API Keys' text under the API Keys and Webhooks tab on the Settings page.

 

This action will deactivate your current API key and secret immediately, and new ones will be generated. You'll need to update your integrations (e.g. backend server configurations, mobile apps, websites, etc.) with the new values once this is done.

Authentication

Monnify uses OAuth 2.0 as the basic security protocol. To access Monnify endpoints, you need to get an access token that grants you access to other endpoints.

HTTP METHOD - POST: https://sandbox.monnify.com/api/v1/auth/login

With Monnify, you can authorize your API calls by generating a token. To get one, you simply need to call the login endpoint. You send the HTTP request with an Authorization header that contains the word Basic followed by a space and the base64-encoded string apiKey:clientSecret (your API key and secret key joined by a colon).

For example, to authorize with public keys:

Credentials | Value
API Key | MK_TEST_SAF7HR5F3F
Secret Key | 4SY6TNL8CK3VPRSBTHTRG2N8XXEGC6NL

Authorization sample header: Basic base64(ApiKey:SecretKey)

Authorization sample header: Basic TUtfVEVTVF9TQUY3SFI1RjNGOjRTWTZUTkw4Q0szVlBSU0JUSFRSRzJOOFhYRUdDNk5M

Once done, you then make a request to the login API using the OAuth2 protocol to generate an access token that will be used to make calls to other Monnify endpoints.

As soon as you make a call to the login endpoint, you will get a response that comes with an access token for you to access other Monnify endpoints.

{
  "requestSuccessful": true,
  "responseMessage": "success",
  "responseCode": "0",
  "responseBody": {
    "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
    "expiresIn": 3599
  }
}

The access token needed to call any other Monnify endpoint is in responseBody.accessToken.

Our endpoints are either protected by Basic Authentication or OAuth (Bearer Tokens) so you will need to send an Authorization header in either of the formats specified below:

OAuth 2.0 Authorization Header

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

Basic Authentication Authorization Header

Authorization: Basic ZGVtbzpwQDU1dzByZA==
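
The flow above as an added Python example (not Monnify's own code): it builds the Basic header, calls the login endpoint, and reuses the access token until shortly before expiresIn elapses, so that calls do not fail with "Access token expired". TokenCache, http_login, the 60-second skew, the empty POST body, reading expiresIn as seconds, and the environment variable names are assumptions made for this example.

```python
import base64
import json
import os
import time
import urllib.request

LOGIN_URL = "https://sandbox.monnify.com/api/v1/auth/login"  # sandbox URL from the page


def basic_header(api_key, secret_key):
    """Return 'Basic ' + base64(apiKey:secretKey), as the page describes."""
    raw = f"{api_key}:{secret_key}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def http_login(auth_value):
    """POST to the login endpoint. Assumption: an empty request body is accepted."""
    req = urllib.request.Request(LOGIN_URL, data=b"", method="POST",
                                 headers={"Authorization": auth_value})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Hypothetical helper: reuse accessToken until shortly before it expires."""

    def __init__(self, api_key, secret_key, login=http_login,
                 clock=time.monotonic, skew=60):
        self._auth = basic_header(api_key, secret_key)
        self._login, self._clock, self._skew = login, clock, skew
        self._token, self._expires_at = None, 0.0

    def bearer_header(self):
        """Return the 'Bearer <token>' value, logging in again when needed."""
        if self._token is None or self._clock() >= self._expires_at:
            reply = self._login(self._auth)
            if not reply.get("requestSuccessful"):
                raise RuntimeError("login failed: %s" % reply.get("responseMessage"))
            body = reply["responseBody"]
            self._token = body["accessToken"]
            # Assumption: expiresIn is in seconds (3599 in the page's sample response)
            self._expires_at = self._clock() + body["expiresIn"] - self._skew
        return "Bearer " + self._token


if __name__ == "__main__":
    # Assumed variable names; keep the secret key in server-side configuration.
    cache = TokenCache(os.environ["MONNIFY_API_KEY"], os.environ["MONNIFY_SECRET_KEY"])
    print(cache.bearer_header()[:16] + "...")  # avoid logging the full token
```
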



Possible Response Messages And Meaning

Response Message | Meaning | Action
Access token expired | This implies that the generated access token has exceeded its 1 hour time limit | Kindly regenerate a new access token.
Cannot convert access token to json | This occurs when the access token generated is malformed or is not in the usual access token format. | Kindly recheck if there are any missing characters or if it’s poorly formatted. You can easily generate a new access token.