Authentication
Mambu supports two methods for authenticating API requests:
- Basic authentication, using Mambu UI login credentials for a user account with API access permissions.
- API keys, which are unique UUID tokens provided in an
apiKeyheader (Early Access feature).
Basic Authentication
- shell
- http
- js
- ruby
- python
- java
- go
curl --location --request GET 'https://TENANT_NAME.mambu.com/api/users' \
--header 'Authorization: Basic U29tZVVzZXI6T3BlblNlc2FtZQ=='
GET /api/users HTTP/1.1
Host: TENANT_NAME.mambu.com
Authorization: Basic U29tZVVzZXI6T3BlblNlc2FtZQ==
var settings = {
"url": "https://TENANT_NAME.mambu.com/api/users",
"method": "GET",
"timeout": 0,
"headers": {
"Authorization": "Basic U29tZVVzZXI6T3BlblNlc2FtZQ=="
},
};
$.ajax(settings).done(function (response) {
console.log(response);
});
require "uri"
require "net/http"
url = URI("https://TENANT_NAME.mambu.com/api/users")
https = Net::HTTP.new(url.host, url.port)
https.use_ssl = true
request = Net::HTTP::Get.new(url)
request["Authorization"] = "Basic U29tZVVzZXI6T3BlblNlc2FtZQ=="
response = https.request(request)
puts response.read_body
import requests
url = "https://TENANT_NAME.mambu.com/api/users"
payload={}
headers = {
'Authorization': 'Basic U29tZVVzZXI6T3BlblNlc2FtZQ=='
}
response = requests.request("GET", url, headers=headers, data=payload)
print(response.text)
OkHttpClient client = new OkHttpClient().newBuilder()
.build();
Request request = new Request.Builder()
.url("https://TENANT_NAME.mambu.com/api/users")
.method("GET", null)
.addHeader("Authorization", "Basic U29tZVVzZXI6T3BlblNlc2FtZQ==")
.build();
Response response = client.newCall(request).execute();
package main
import (
"fmt"
"net/http"
"io/ioutil"
)
func main() {
url := "https://TENANT_NAME.mambu.com/api/users"
method := "GET"
client := &http.Client {
}
req, err := http.NewRequest(method, url, nil)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Authorization", "Basic U29tZVVzZXI6T3BlblNlc2FtZQ==")
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := ioutil.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}
For basic authorization, provide your username and password directly via the Authorization header in the format Basic {base64-encoded-string}, where base64-encoded-string is the base-64-encoded value of your username and password separated by a colon :.
For example, a user with the username SomeUser and the password OpenSesame would take the value SomeUser:OpenSesame and base-64 encode it, yielding U29tZVVzZXI6T3BlblNlc2FtZQ==. They would then provide an Authorization header for their request with the value Basic U29tZVVzZXI6T3BlblNlc2FtZQ==.
See the code samples for this section for sample GET requests to the /users endpoint using the above example.
Note that the login credentials must be for a user account with API access permissions. For more information, see Creating a User - Access Rights in our User Guide.
To ensure the username and password cannot be intercepted, all requests must use HTTPS.
API Keys
API keys are tokens that you provide in an apiKey header to authenticate requests. They are generated by API consumers, which are an abstraction similar to an OAuth client.
API consumers are currently an Early Access feature. If you would like to request access to this feature, please get in touch with your Mambu Customer Success Manager to discuss your requirements.
For more information on API consumers and keys, see API Consumers in our User Guide.