API Authentication Guide
This API utilizes HTTP Basic Access Authentication, requiring a public key (username) and a secret key (password) for all requests. These credentials are passed via the Authorization HTTP header.
Example Request (cURL)
curl --request GET \
--url 'https://service.bnpl.backd.com/v1/backd/bnpl/api/order_placed' \
--header 'Authorization: Basic {{BASE_64_ENCODED_USER_AND_PASS}}'
API Key Types and Environments
Developers are provided with separate API keys for both sandbox and production environments. Each set of keys is environment-specific and cannot be used interchangeably.
API Key Types
- Public API Keys: Used to identify developers and are not sensitive. These keys can be safely used in frontend applications such as mobile apps and web browsers.
- Secret API Keys: Must remain confidential and should never be exposed to customers. These keys are used for handling sensitive data, including:
- Customer Personal Identifiable Information (PII)
- Payment details
- Order and payout information
Security Notice
❗ Important: Never expose secret API keys in client-side applications.
To maintain security and data integrity, all sensitive API requests should be made from your server. This ensures that critical information, such as order totals, remains protected and unaltered.
API Key Structure
Each account is assigned four API keys: one public and one secret key for both sandbox and production environments.
| Type | Environment | Example Key | API Endpoint |
|---|---|---|---|
| Public | Sandbox | pk_placeholder1 | https://sandbox.service.bnpl.backd.com/v1/backd/bnpl/api |
| Secret | Sandbox | sk_placeholder1 | https://sandbox.service.bnpl.backd.com/v1/backd/bnpl/api |
| Public | Production | pk_placeholder2 | https://service.bnpl.backd.com/v1/backd/bnpl/api |
| Secret | Production | sk_placeholder2 | https://service.bnpl.backd.com/v1/backd/bnpl/api |