Authentication
Base URL
https://h0n277p4vd.execute-api.us-east-1.amazonaws.com/stagingAll requests to the Uthrive API require authentication to ensure secure and authorized access. Uthrive uses API key-based authentication with a two-header scheme. Your API keys carry many privileges, so be sure to keep them secure!
All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail. All endpoints require authentication via request headers.
Add these headers to every API request:
| Header | Type | Required | Description |
|---|---|---|---|
| client-id | string | Yes | Your Uthrive client ID |
| api-key | string | Yes | Your Uthrive API Key |
Example HTTP Headers
client-id: your_client_id_here
api-key: your_api_key_here
Example Request
Using curl
curl -X POST "https://h0n277p4vd.execute-api.us-east-1.amazonaws.com/staging/reward/earned" \
-H "Content-Type: application/json" \
-H "client-id: your_client_id_here" \
-H "api-key: your_api_key_here" \
-d '{"transactions": [...] }'
Using Node axios module
npm install axiosconst axios = require('axios');
const url = 'https://h0n277p4vd.execute-api.us-east-1.amazonaws.com/staging/reward/earned';
const headers = {
'Content-Type': 'application/json',
'client-id': 'your_client_id_here',
'api-key': 'your_api_key_here'
};
const data = {
transactions: [
// add your transaction objects here
// Example:
// {
// transactionId: "12345",
// transactionAmount: 100.50,
// transactionDate: "2023-10-01",
// merchant: "Amazon",
// cardName: "Chase Sapphire Preferred"
// }
]
};
axios.post(url, data, { headers })
.then(response => {
console.log(response.data);
})
.catch(error => {
if (error.response) {
console.error('API Error:', error.response.status, error.response.data);
} else {
console.error('Network/Error:', error.message);
}
});
Using Node.js https module
const https = require('https');
const data = JSON.stringify({
transactions: [
// add your transaction objects here
]
});
const options = {
hostname: 'h0n277p4vd.execute-api.us-east-1.amazonaws.com',
path: '/staging/reward/earned',
method: 'POST',
headers: {
'Content-Type': 'application/json',
'client-id': 'your_client_id_here',
'api-key': 'your_api_key_here',
'Content-Length': Buffer.byteLength(data)
}
};
const req = https.request(options, res => {
let responseBody = '';
res.on('data', d => { responseBody += d; });
res.on('end', () => {
console.log('Response:', responseBody);
});
});
req.on('error', error => {
console.error('Request error:', error);
});
req.write(data);
req.end();
Obtaining Your Credentials
- For platform partners: Uthrive will provision your client ID and API key.
- For individual developers: Sign up on the Uthrive developer portal or contact your Uthrive account representative.
Security Best Practices
- Never expose your API key in client-side code, browser apps, or public repositories.
- Store your credentials securely using environment variables or secure secrets management tools.
- Rotate your API keys regularly as per your organization’s security policies.
Error Responses
If authentication fails, the API will return a 401 Unauthorized HTTP status with an error message, such as:
{
"message": "Unauthorized: Invalid or missing API key/client ID."
}Always keep your API credentials confidential. If you believe your keys are compromised, rotate them immediately in your Uthrive account dashboard or contact support.
