Skip to content
Docs
API Reference
Docs
API Reference

Authentication

Generate a user token and use this token in your API call headers to the Allawee API for all requests.

Generate your user token

  1. Sign in at https://infra.allawee.com/. You can create an account if you do not have one.
  2. Generate API keys.

Create project diagram

  1. Create a key. You would need to give the key a name you will use to identify it.

API key name

  1. Set the mode for your key. Use TEST mode for test keys, and LIVE mode for keys you want to use in production. You will also need to set your token scopes.

Key mode and scope diagram

  1. You need to store the token somewhere safe when you see it. Once you close the modal, you will not be able to retrieve the token and will need to create a new one.

Caution: Make sure you store your user token securely. Do not check it into version control or store it anywhere that is publicly accessible. If you believe that someone else may have access to your token, you should revoke your token.

Key scopes

You should authorise your token to only do what you want your application to do, giving it minimum privileges. For this, we have key scopes. The scopes you activate will determine what the key can do. You can add multiple scopes to a single token. However, you should only do this when necessary. Your scopes cannot be changed for a token once you have set it and you will need to generate a new token to increase your application’s scopes. The scopes include:

  • CARD OPERATIONS: Allows your application to perform all actions related to card operations.
  • CARD AUTHORIZATIONS: Allows your application to perform all actions related to card authorizations.
  • CARD TRANSACTIONS: Allows your application to perform all actions related to card transactions.
  • CARD DISPUTES: Allows your application to perform all actions for card disputes.
  • CARD TRANSFERS: Allows your application to perform all actions for card transfers.
  • CARD PROGRAM OPERATIONS: Allows your application to perform all actions for card program operations.
  • CARD OPERATIONS: Allows your application to perform all actions for card operations.
  • ACCOUNT OPERATIONS: Allows your application to perform all actions for aacount operations.
  • WEBHOOK OPERATIONS: Allows your application to perform all actions for webhook operations.

Pass your token to your API calls

You need to add your user token to the header of your API calls for authentication. Do so in this format:

Authorization: "Bearer {{your user_token here}}"

If your user token is ​​​​aDOkDab.FTzZRShGzj7pBaoJ8NG2K0ww3dtV7Ir2, your header will be:

Authorization: "Bearer ​​aDOkDab.FTzZRShGzj7pBaoJ8NG2K0ww3dtV7Ir2"

Revoking tokens

If you believe your token’s security has been compromised or you do not need the token anymore, you should revoke it. Any call made to the Allawee API with a revoked token will fail. To revoke your token, do the following.

  1. Sign in to your account at https://infra.allawee.com/.
  2. Navigate to API keys module you should see a list of access keys you have created.

List of API keys

  1. Use the name of the keys to identify which key you wish to revoke. You can also see the first eight letters of each access key.
  2. Click the delete icon next to the token twice. The first time you click it, a warning icon will appear. We will only delete the token if you click it again within a short interval.

Last updated Aug. 01, 2023

Next Up: Versioning
Privacy Policy Terms of Service
Page Outline