Quicko Connect uses a two-tiered authentication system to secure API interactions and ensure that only authorised users can access sensitive data:
- API User Access Token: Required to interact with OAuth APIs. This token authenticates your application as a trusted client.
- Resource Owner Access Token: Used to authenticate requests to Open APIs. This token represents the user's consent and is obtained through the OAuth flow.
Acquiring API User Access Token
To use Quicko's OAuth APIs, you need an API User Access Token:
- Authentication Endpoint: Call the /authenticate endpoint with your API credentials (key and secret).
- Environment-Specific Credentials:
  - Test Environment: Use credentials starting with key_test_... and secret_test_...
  - Production Environment: Use credentials starting with key_live_... and secret_live_... for both key and secret.
Best Practices for Security
- Keep Credentials Secure: Store your API keys and secrets securely and never expose them in public repositories or client-side code.
- Use HTTPS: Ensure all API requests are made over HTTPS to protect data in transit.
- Handle Errors Gracefully: Implement error handling for authentication failures and other API errors.
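The environment prefixes and the practices above can be enforced in code before any request is sent. The following is an added example, not Quicko's own code: it loads the key and secret from environment variables, rejects a key/secret pair whose prefixes do not match the target environment, refuses non-HTTPS endpoints, and scans text for credential-shaped strings before it is committed. The variable names QUICKO_API_KEY and QUICKO_API_SECRET, the character pattern after each prefix, and the placeholder host are assumptions.

```python
import os
import re
from urllib.parse import urlsplit

# Prefixes are the ones the page gives; the token body pattern is an assumption.
PREFIXES = {"test": ("key_test_", "secret_test_"), "live": ("key_live_", "secret_live_")}
PREFIX_RE = re.compile(r"(?:key|secret)_(?:test|live)_")
LEAK_RE = re.compile(r"\b(?:key|secret)_(?:test|live)_[A-Za-z0-9]{8,}")

class CredentialError(ValueError):
    """Raised when credentials or endpoint fail a pre-flight check."""

def load_credentials(environment, env=os.environ):
    """Read key/secret from the environment and check both match the target environment."""
    if environment not in PREFIXES:
        raise CredentialError(f"unknown environment: {environment!r}")
    key_prefix, secret_prefix = PREFIXES[environment]
    key = env.get("QUICKO_API_KEY", "")        # hypothetical variable name
    secret = env.get("QUICKO_API_SECRET", "")  # hypothetical variable name
    if not key.startswith(key_prefix) or not secret.startswith(secret_prefix):
        raise CredentialError(f"key/secret do not carry the {environment} prefixes")
    return key, secret

def require_https(url):
    """Return url unchanged, or raise if it would send credentials in cleartext."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise CredentialError("refusing non-HTTPS endpoint")
    return url

def redact(value):
    """Keep only the prefix so logs show which credential was used, never its value."""
    m = PREFIX_RE.match(value)
    return (m.group(0) if m else "") + "****"

def find_leaks(text):
    """Return (line_number, redacted_match) for each credential-shaped string in text."""
    return [(n, redact(m.group(0)))
            for n, line in enumerate(text.splitlines(), 1)
            for m in LEAK_RE.finditer(line)]

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample_env = {"QUICKO_API_KEY": "key_test_EXAMPLE0001",
                  "QUICKO_API_SECRET": "secret_test_EXAMPLE0002"}
    key, secret = load_credentials("test", sample_env)
    print(redact(key), redact(secret))
    print(require_https("https://api.example.invalid/authenticate"))  # placeholder host
    print(find_leaks('KEY = "key_live_EXAMPLE0003"'))
```

Running find_leaks over staged files in a pre-commit hook catches a hard-coded key before it reaches a repository.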
Acquiring Resource Owner's Access Token
You can read about the OAuth workflow, which details the process to acquire this token.