To authenticate with Kustom's APIs you need an API credential, the primary credential format is an API-key.
An API key has the following format:
kco_<live|test>_<api>_<random>
API key example:
kco_live_api_elZGI1B5dHBIRWltRjF5cjZrNldnbEVjKnIqeC[...]Uybz0
The key contains some information about it's usage:
liveindicates that it's a key used for productiontestindicates that it's a key used for playgroundapiindicates that is'a an API key
The credential is associated with your Merchant ID (MID) and can only be used to transact on your online store.
Note: The API credentials are separate from your MID. It's possible to have several API credentials associated with the same MID.
The API key should be included in the Authorization header for every request in the following format:
Authorization: Basic <API key>
The API key is retrieved from the Kustom Portal or by contacting your regional Kustom merchant support team.
If the credentials are missing or incorrect, Kustom responds with 401 Unauthorized.
If your API client only supports username/password authentication (instead of using API keys directly), Kustom supports HTTP Basic Authentication using this format.
When creating a credential in the Kustom portal, a username in the form of <MID>-<randomsuffix> is displayed together with the API key.
This username can be provided along with the API key as the password to use basic authentication for calling Kustom APIs.
This username is not required, but if it is provided, it must be the correct one.
The call would be made with the following header:
Authorization: Basic base64encode(<username>:<API key>)
You can read more about HTTP basic auth in the wikipedia article.
To ensure your connection is secure, our endpoint supports HTTPS using TLS 1.2 (Transport Layer Security).
The client needs to use Server Name Indication (SNI) in the TLS handshake with the endpoint.