Authentication
Learn how to authenticate your requests to Bridge Developer API
Authentication
Bridge Developer API uses HTTP Basic Authentication to secure all API requests. This ensures that only authorized clients can access the API endpoints.
Authentication Method
All API requests must include authentication credentials in the HTTP header using Basic Authentication.
Headers Required
Authorization: Basic <base64_encoded_credentials>Where <base64_encoded_credentials> is the Base64 encoding of username:password.
Getting Your Credentials
Your API credentials are provided after completing the onboarding process:
- Username (
client_key): Your unique API username - Password (
secret_key): Your unique API password
These credentials are generated when your integration account is created and approved.
Sandbox vs production credentials
Bridge issues two sets of credentials: one for sandbox integration testing and one for production.
| Sandbox | Production | |
|---|---|---|
| Issued when | You start integration | After KYC approval |
| Service mode | S | P |
| API host | https://api.bridgeagw.com | Same |
| Auth format | Basic base64(client_key:secret_key) | Same |
All requests must also include a non-empty User-Agent header. This is required in both sandbox and production environments.
Authorization: Basic <base64_encoded_credentials>
Content-Type: application/json
User-Agent: MyApp/1.0The credentials format is identical across environments — only the key values change. See the API Reference for per-endpoint sandbox test data.
Example Implementation
curl -X POST "https://api.bridgeagw.com/make_payment" \
-H "Authorization: Basic QlAxSTFyRzdDV1EzX0M0UEhZTVNNckI5S1dQTnJJWUhaVFBKMjhXLUZLR05TVzFJVkZEPVdNMldVVTM1OkIzOVctckFNRzY0SHJUX0c4PUsyXzRZRDFNPUE4OV85MV85QT0zSHJTNUJXV0tFVzM4Xy1ZWlotNjExcg==" \
-H "Content-Type: application/json" \
-d '{
"service_id": 1,
"reference": "Transfer to momo",
"customer_number": "0541234567",
"transaction_id": "79",
"trans_type": "CTM",
"amount": 0.1,
"nw": "MTN",
"nickname": "Test",
"payment_option": "MOM",
"currency_code": "GHS",
"currency_val": "1",
"callback_url": "https://webhook.site/0b429e73-ce5c-420b-af82-a346fb577c43",
"request_time": "2025-08-31 23:45",
"landing_page": "https://google.com"
}'const username = 'your_username';
const password = 'your_password';
const credentials = btoa(`${username}:${password}`);
const response = await fetch('https://api.bridgeagw.com/make_payment', {
method: 'POST',
headers: {
'Authorization': `Basic ${credentials}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({
service_id: 1,
reference: "Transfer to momo",
customer_number: "0541234567",
transaction_id: "79",
trans_type: "CTM",
amount: 0.1,
nw: "MTN",
nickname: "Test",
payment_option: "MOM",
currency_code: "GHS",
currency_val: "1",
callback_url: "https://webhook.site/0b429e73-ce5c-420b-af82-a346fb577c43",
request_time: "2025-08-31 23:45",
landing_page: "https://google.com"
})
});import requests
import base64
username = 'your_username'
password = 'your_password'
credentials = base64.b64encode(f'{username}:{password}'.encode()).decode()
headers = {
'Authorization': f'Basic {credentials}',
'Content-Type': 'application/json'
}
data = {
"service_id": 1,
"reference": "Transfer to momo",
"customer_number": "0541234567",
"transaction_id": "79",
"trans_type": "CTM",
"amount": 0.1,
"nw": "MTN",
"nickname": "Test",
"payment_option": "MOM",
"currency_code": "GHS",
"currency_val": "1",
"callback_url": "https://webhook.site/0b429e73-ce5c-420b-af82-a346fb577c43",
"request_time": "2025-08-31 23:45",
"landing_page": "https://google.com"
}
response = requests.post(
'https://api.bridgeagw.com/make_payment',
headers=headers,
json=data
)Security Best Practices
- Keep Credentials Secure: Never expose your API credentials in client-side code or public repositories.
- Use Environment Variables: Store credentials in environment variables or secure configuration files.
- Rotate Credentials: Regularly rotate your API credentials for enhanced security.
- HTTPS Only: Always use HTTPS when making API requests to ensure credential security.
Error Handling
If authentication fails, the API will return a 401 Unauthorized status with the following response:
{
"response_message": "You are not allowed to use this service",
"response_code": "100"
}Base URL
All API endpoints use the following base URL:
https://api.bridgeagw.comMake sure to include this base URL when making requests to any of our API endpoints.