Authentication

The StraitsX API uses API keys to authenticate requests. You can view and manage your API keys and secrets on the StraitsX Business Dashboard.

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

Authentication to the API is performed via HTTP Basic Auth. Provide your API key as the basic auth username value and apply the secret key as the password.

API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Header Parameter NameInstructionsSecurity Scheme Type
X-XFERS-APP-API-KEYYou can retrieve this from your StraitsX Business DashboardUsed during the Connect process to create an account, trigger OTP and retrieve a User API Token
X-XFERS-APP-SECRET-KEYYou can retrieve this from your StraitsX Business DashboardUsed to generate the signature in the request body of the Connect process
X-XFERS-USER-API-KEYYou can retrieve this by using the Get a user account token APIUsed to perform actions on behalf of a connected user, such as accepting payments from their Personal Account