The Quotes API uses Basic Authentication over HTTPS. This method requires you to include an Authorization header in every request.
Credentials
After completing the onboarding process, you receive a pair of credentials for each environment (Sandbox and Production):
- API Key: Identifies your account.
- Secret Key: Used to authenticate your requests.
Keep these credentials secure. Do not share them in client-side code, public repositories, or with unauthorized personnel.
The Authorization header
The Authorization header must contain the word Basic followed by a space and a Base64-encoded string of your api-key and secret-key separated by a colon (:).
Authorization: Basic base64(api-key:secret-key)
If your credentials are:
- API Key:
my-api-key - Secret Key:
my-secret-key
The string to encode is my-api-key:my-secret-key. The Base64 result is bXktYXBpLWtleTpteS1zZWNyZXQta2V5.
The header will looks like this:
Authorization: Basic bXktYXBpLWtleTpteS1zZWNyZXQta2V5
Implementation example (PHP)
The following example shows how to generate the Authorization header programmatically:
<?php
$apiKey = "YOUR_API_KEY";
$secretKey = "YOUR_SECRET_KEY";
$encodedCredentials = base64_encode($apiKey . ":" . $secretKey);
$authorizationHeader = "Authorization: Basic " . $encodedCredentials;
echo $authorizationHeader;
?>