We use secure tokens to enforce authentication on all endpoints. As part of your onboarding, you'll be given a CLIENT_SECRET. This be environment specific, meaning you'll need a different one for Production and for the Sandbox.

In order to authenticate with our RestAPIs, you'll need to add your CLIENT_SECRET to each API request headers as a Bearer token.

You can test this in the API explorer for these endpoints by passing in Bearer <Client_Secret> into the Authentication option for each endpoint. The TestAuth endpoint provides the simplest way of verifying this works correctly.

Without adding this Authentication header, all APIs will return 401 errors

If for any reason you believe your api keys have been compromised, contact the GiveCard team immediately to request new keys and have the old ones disabled.