Skip to main content

API Authentication

Every request to Mobiska’s API must be authenticated to ensure secure access to our services. We use Basic Authentication to verify the identity of API consumers.

Authentication Flow

All API requests must include an Authorization header containing your encoded credentials. Requests without proper authentication will be rejected with a 401 Unauthorized response.

Constructing Your Credentials

Follow these steps to generate your Authorization header:
  1. Combine Keys: 
    {client_key}:{secret_key}
    Example: mob_client_123:sk_live_abcdef123456
  2. Base64 Encode: Convert the combined string to base64 format 
    # Example using command line
echo -n "mob_client_123:sk_live_abcdef123456" | base64
  3. Create Header: Prefix the encoded string with Basic 
    Authorization: Basic {base64_encoded_string}

Obtaining API Keys

1

Create Developer Account

Register at dashboard.mobiska.com to access the developer portal
2

Complete Verification

Submit required business documentation and complete the verification process
3

Find API Keys

Once verified, find your Client Key and Secret Key from the dashboard

Request Example

Here’s how to include authentication in your API requests: 
curl -X POST https://api.mobiska.com/v1/payments \
  -H "Authorization: Basic bW9iX2NsaWVudF8xMjM6c2tfbGl2ZV9hYmNkZWYxMjM0NTY=" \
  -H "Content-Type: application/json" \
  -d '{
    "amount": 1000,
    "currency": "USD",
    "description": "Test payment"
  }'

Security Guidelines

Protect your API credentials with these best practices:

Secure Storage

Never expose API keys in client-side code or public repositories

Environment Separation

Use different API keys for development and production environments

Regular Rotation

Periodically rotate your API keys to minimize security risks

Access Control

Implement IP whitelisting for additional security

Handling Authentication Errors

Common authentication-related errors you might encounter:
Status CodeDescriptionResolution
401Invalid credentialsCheck if your API keys are correct
403Insufficient permissionsVerify your account has necessary access
429Rate limit exceededImplement proper request throttling
If you suspect your API credentials have been compromised, immediately rotate your keys from the dashboard and contact our support team.
For additional security measures and best practices, refer to our Security Guide.