Authentication

Navigating the digital commerce and financial transactions landscape requires a keen understanding of security, specifically authentication methods. At Ottu, we support three distinct types of authentication to help ensure the safe and seamless operation of your payment system: Basic Authentication, Private Key (API-Key), and Public Key.

Basic Authentication

Basic Authentication employs a username and password combination. The access permissions associated with the username must be explicitly defined.

Header: Authorization Basic <username:password> basic auth string.

Please ensure that you follow best practices for credential security. Never store passwords in your code or on the client side. It’s recommended not to assign super-admin permissions via this method, but to carefully regulate the access permissions for each user. Securely store the credentials within the server environment.

Private Key (API-Key)

This key is a high-privilege access token used for server-side communication between your server and Ottu’s API. The private API key should be closely guarded and never shared.

Header: Authorization Value: Api-Key {{api_key}}

Bear in mind, this key grants admin-level privileges across all public endpoints, and leaking it can lead to serious security implications.

Public Key

The Public Key is used to initialize the Checkout SDK and can safely be shared with clients. This key doesn’t provide access to public API endpoints, making it secure for client-side use.

Token Authentication

Please note that Token Authentication, an earlier method, is now considered obsolete and isn’t recommended.

Understanding and implementing these authentication methods correctly are crucial steps toward ensuring the security of your transactions and the protection of your data. Secure key management significantly contributes to the overall safety and integrity of your operations.