Authentication
Mambu supports two methods for authenticating API requests:
- Basic authentication, using Mambu UI login credentials for a user account with API access permissions.
- API keys, which are unique UUID tokens provided in an
apiKeyheader (Early Access Feature).
Basic Authentication
Example using curl
curl --location --request GET 'https://TENANT_NAME.mambu.com/api/users' \
--header 'Authorization: Basic U29tZVVzZXI6T3BlblNlc2FtZQ=='
For basic authorization, provide your username and password directly via the Authorization header in the format Basic {base64-encoded-string}, where base64-encoded-string is the base-64-encoded value of your username and password separated by a colon ':'.
For example, a user with the username SomeUser and the password OpenSesame would take the value SomeUser:OpenSesame and base-64 encode it, yielding U29tZVVzZXI6T3BlblNlc2FtZQ==. They would then provide an Authorization header for their request with the value Basic U29tZVVzZXI6T3BlblNlc2FtZQ==.
See the example GET requests to the /users endpoint using curl.
Note that the login credentials must be for an account with API access permissions. For more information, see Creating a User - Access Rights in our User Guide.
To ensure the username and password cannot be intercepted, all requests must use HTTPS.
API Keys
API keys are tokens that you provide in an apiKey header to authenticate requests. They are generated by API consumers, which are an abstraction similar to an OAuth client.
API consumers are currently an Early Access Feature. If you would like to request access to this feature, please get in touch with your Mambu Customer Success Manager to discuss your requirements.
For more information on API consumers and keys, see API Consumers in our User Guide.