Authentication

​

Credentials at a high-level

Magic assigns each merchant unique API key.

​

Note:

API key values are highly sensitive. They should be stored securely within your systems and otherwise not shared or made accessible to any person or system.

​

API Authentication

All server-side requests must provide valid authentication credentials in their request headers. Server-side API requests require an API key.

Magic’s e-commerce platform partners must securely access this data and exclusively use each merchant’s particular keys when performing requests on their behalf.

The keys should be handed in as headers to the request:

​

Putting it Together: An Integration

Magic Pay has two types of users: a merchant and a consumer. Each user has to authenticate in a different way.

​

API Token

Merchant

• As mentioned before, merchants have to receive a pair of API keys.
• Merchants onboarding can generate an API key from the Django Admin Panel while creating the “Merchant Object.”

​

Authentication Token

Consumer

• Consumers need two things to effectively use Magic: an authentication token when registering for Magic (made through Plaid), as well as a checkout ID that is unique to whichever unique time they’re purchasing a product at the merchant’s store.
• Generally, an authentication token is made whenever a consumer creates an account with Magic using their phone number.
• A merchant will have to auto-generate a checkout ID for each consumer when they checkout with the Magic product. This is tied into the backend and will be featured again later.

​

Base Urls

​

Sandbox Base URL

https://api-dev.join-magic.com/api/

​

Live Production Base URL

https://api.join-magic.com/api/