To keep things as simple as possible, we use Basic HTTP Authentication on all of our endpoints. Here are some of the reasons why:

  • Security: Basic Authentication uses bcrypt encryption, which is more secure than the md5 encryption used by Digest Authentication.
  • Speed: Because of the increased security, requests using Basic Authentication can send the user's credentials in the initial requests, instead of having an extra request to negotiate the connection each time.
  • Simplicity: Basic Authentication is simple and easy to implement. It's also widely supported by libraries, browsers and frameworks.

Most HTTP libraries will have methods already in place in order to use Basic HTTP Authentication. If, however, the library that you are using doesn't provide this functionality, here is how to do it manually:

Basic HTTP Authentication works by adding a header in your request. Request headers are a list of key-value pairs. The key for the header to add for authentication is "Authorization". The value for the header is the word "Basic" followed by a space followed by a base64 encoded hash. To generate this base64 encoded hash, start with the string "username:apikey", substituting your username and apikey for our system. Next, run a base64 encode function on that string.

The resulting header should look similar to the following:

Authorization: Basic QmF0bWFuOkJydWNlV2F5bmU=
If your API client hasn't been authenticated yet, you'll receive a 401 Unauthorized HTTP response. If you receive a 403 Forbidden HTTP response, it means that you can't access the requested resource.



The following examples show you how to set up Basic Authentication on your client. These examples are for PHP.

Zend Framework


To enable Basic Authentication using the Zend_Rest_Client class, set the Authentication credentials and type on the HTTP client.



To enable Basic Auth using the Zend_XmlRpc_Client class, set the Authentication credentials and type on the HTTP client.


If you experience any trouble with the Basic Authentication, consider these common errors:

  • Are you using the correct username?
  • Are you using your API key, not your account password?
  • Check that the client is sending the Authorization header, and that it starts with Basic.
  • Check the HTTP Response Code. If it's anything but 200401 or 403, it's not an authentication issue.

If you're still experiencing issues, contact support and be sure to send them at least your username and API key used in your requests, as well as the content of the request that you're trying to make.

Translate »