PagSeguro Payout’s API uses the Basic Authentication approach.
That means the client has to send the HTTP requests with the Authorization header. The Authorization header must contain the word Basic followed by a space and a base64-encoded string api-key:secret-key.
For exemple:

Authorization: Basic YXBpLWtleTpzZWNyZXQta2V5

Because base64 is easily decoded, BoaCompra Payout’s API only accepts request through HTTPS/SSL. Once Merchant's Onboarding is concluded, Merchant’s Developers will have a credential pair (api-key and secret-key) to use in the requests.


Security of the credential pair

It is important to notice that once the credential pair is known by someone, it will be possible to create payout transaction with PagSeguro.
Be sure that you keep the credential pair (api-key and secret-key) in a safe and private place.
Do not share them in client-side application or public repositories.

You must encode the api-key and the secret-key together with a colon in between them.

The code snippet below shows an Authorization header’s exemple generated in PHP:

$apiKey = "3588f0e6653448a5b1c2be1e77bef2d7";
$secretKey = "041dfc2528904178a3d9a19dff5cb8a0";
$encodedString = base64_encode(sprintf("%s:%s", $apiKey, $secretKey));
$authorizationHeader = sprintf("Authorization: Basic %s", $encodedString);
echo $authorizationHeader;
// Authorization: Basic MzU4OGYwZTY2NTM0NDhhNWIxYzJiZTFlNzdiZWYyZDc6MDQxZGZjMjUyODkwNDE3OGEzZDlhMTlkZmY1Y2I4YTA=

Please refer to the recipe below on how to generate the Authorization header for your requests: