Authentication
Reading: an Abstract Intro to How Authentication works with Magic’s Services.
Credentials at a high-level
Magic assigns each merchant unique API key.
Note:
API key values are highly sensitive. They should be stored securely within your systems and otherwise not shared or made accessible to any person or system.
API Authentication
All server-side requests must provide valid authentication credentials in their request headers. Server-side API requests require an API key.
Magic’s e-commerce platform partners must securely access this data and exclusively use each merchant’s particular keys when performing requests on their behalf.
The keys should be handed in as headers to the request:
Header Name | Value |
---|---|
api-key | api_key_value |
Putting it Together: An Integration
Magic Pay has two types of users: a merchant and a consumer. Each user has to authenticate in a different way.
API Token
Merchant
- As mentioned before, merchants have to receive a pair of API keys.
- Merchants onboarding can generate an API key from the Django Admin Panel while creating the “Merchant Object.”
Authentication Token
Consumer
- Consumers need two things to effectively use Magic: an authentication token when registering for Magic (made through Plaid), as well as a checkout ID that is unique to whichever unique time they’re purchasing a product at the merchant’s store.
- Generally, an authentication token is made whenever a consumer creates an account with Magic using their phone number.
- A merchant will have to auto-generate a checkout ID for each consumer when they checkout with the Magic product. This is tied into the backend and will be featured again later.
Base Urls
Sandbox Base URL
https://api-dev.join-magic.com/api/