Bridge API DocsBridge API Docs
Bridge API Docs

Authentication

Learn how to authenticate your requests to Bridge Developer API

Authentication

Bridge Developer API uses HTTP Basic Authentication to secure all API requests. This ensures that only authorized clients can access the API endpoints.

Authentication Method

All API requests must include authentication credentials in the HTTP header using Basic Authentication.

Headers Required

Authorization: Basic <base64_encoded_credentials>

Where <base64_encoded_credentials> is the Base64 encoding of username:password.

Getting Your Credentials

Your API credentials are provided after completing the onboarding process:

  1. Username (client_key): Your unique API username
  2. Password (secret_key): Your unique API password

These credentials are generated when your integration account is created and approved.

Sandbox vs production credentials

Bridge issues two sets of credentials: one for sandbox integration testing and one for production.

SandboxProduction
Issued whenYou start integrationAfter KYC approval
Service modeSP
API hosthttps://api.bridgeagw.comSame
Auth formatBasic base64(client_key:secret_key)Same

All requests must also include a non-empty User-Agent header. This is required in both sandbox and production environments.

Authorization: Basic <base64_encoded_credentials>
Content-Type: application/json
User-Agent: MyApp/1.0

The credentials format is identical across environments — only the key values change. See the API Reference for per-endpoint sandbox test data.

Example Implementation

curl -X POST "https://api.bridgeagw.com/make_payment" \
  -H "Authorization: Basic QlAxSTFyRzdDV1EzX0M0UEhZTVNNckI5S1dQTnJJWUhaVFBKMjhXLUZLR05TVzFJVkZEPVdNMldVVTM1OkIzOVctckFNRzY0SHJUX0c4PUsyXzRZRDFNPUE4OV85MV85QT0zSHJTNUJXV0tFVzM4Xy1ZWlotNjExcg==" \
  -H "Content-Type: application/json" \
  -d '{
    "service_id": 1,
    "reference": "Transfer to momo",
    "customer_number": "0541234567",
    "transaction_id": "79",
    "trans_type": "CTM",
    "amount": 0.1,
    "nw": "MTN",
    "nickname": "Test",
    "payment_option": "MOM",
    "currency_code": "GHS",
    "currency_val": "1",
    "callback_url": "https://webhook.site/0b429e73-ce5c-420b-af82-a346fb577c43",
    "request_time": "2025-08-31 23:45",
    "landing_page": "https://google.com"
  }'
const username = 'your_username';
const password = 'your_password';
const credentials = btoa(`${username}:${password}`);

const response = await fetch('https://api.bridgeagw.com/make_payment', {
  method: 'POST',
  headers: {
    'Authorization': `Basic ${credentials}`,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    service_id: 1,
    reference: "Transfer to momo",
    customer_number: "0541234567",
    transaction_id: "79",
    trans_type: "CTM",
    amount: 0.1,
    nw: "MTN",
    nickname: "Test",
    payment_option: "MOM",
    currency_code: "GHS",
    currency_val: "1",
    callback_url: "https://webhook.site/0b429e73-ce5c-420b-af82-a346fb577c43",
    request_time: "2025-08-31 23:45",
    landing_page: "https://google.com"
  })
});
import requests
import base64

username = 'your_username'
password = 'your_password'
credentials = base64.b64encode(f'{username}:{password}'.encode()).decode()

headers = {
    'Authorization': f'Basic {credentials}',
    'Content-Type': 'application/json'
}

data = {
    "service_id": 1,
    "reference": "Transfer to momo",
    "customer_number": "0541234567",
    "transaction_id": "79",
    "trans_type": "CTM",
    "amount": 0.1,
    "nw": "MTN",
    "nickname": "Test",
    "payment_option": "MOM",
    "currency_code": "GHS",
    "currency_val": "1",
    "callback_url": "https://webhook.site/0b429e73-ce5c-420b-af82-a346fb577c43",
    "request_time": "2025-08-31 23:45",
    "landing_page": "https://google.com"
}

response = requests.post(
    'https://api.bridgeagw.com/make_payment',
    headers=headers,
    json=data
)

Security Best Practices

  1. Keep Credentials Secure: Never expose your API credentials in client-side code or public repositories.
  2. Use Environment Variables: Store credentials in environment variables or secure configuration files.
  3. Rotate Credentials: Regularly rotate your API credentials for enhanced security.
  4. HTTPS Only: Always use HTTPS when making API requests to ensure credential security.

Error Handling

If authentication fails, the API will return a 401 Unauthorized status with the following response:

{
  "response_message": "You are not allowed to use this service",
  "response_code": "100"
}

Base URL

All API endpoints use the following base URL:

https://api.bridgeagw.com

Make sure to include this base URL when making requests to any of our API endpoints.