Authentication
Learn how to authenticate your API requests
Overview#
The Yassir Payment uses different authentication methods depending on the type of request you are making:
- Bearer Authentication (Base64-encoded client credentials) - For server-to-server API calls
- Client Secret (
x-client-secretheader) - For payment-scoped SDK/web flows - User Token (JWT via
x-client-tokenorAuthorization) - For mobile app flows
Security Warning
Never expose your Client Secret in frontend code. The Client Secret should only be used on your server. The payment-scoped client secret (returned when creating a payment intent) is safe to use in the browser.
Required Headers#
All API requests require the following headers:
AuthorizationstringrequiredBearer authentication with your Client ID and Secret encoded in Base64. Format:
Bearer base64(client_id:client_secret)x-platformstringrequiredThe platform making the request.
Allowed values:
APIWEBANDROIDIOSx-servicestringrequiredYour service identifier provided during onboarding.
Content-TypestringrequiredMust be
application/json for all requests.x-localestringoptionalUser locale for localized responses. Examples: en-US, fr-FR, ar-DZ
x-country-codestringoptionalISO 3166-1 alpha-3 country code. Examples: DZA, MAR, TUN
Example Request#
Here is an example of an authenticated API request:
Create Payment Intent
curl -X POST https://api.payment.yassir.io/api/v1/payments/intents \
-H "Authorization: Bearer $(echo -n 'your_client_id:your_client_secret' | base64)" \
-H "Content-Type: application/json" \
-H "x-platform: API" \
-H "x-service: YOUR_SERVICE" \
-d '{
"actionId": "order_12345",
"amount": 1500.00,
"currencyCode": "DZD"
}'curl -X POST https://api.payment.yassir.io/api/v1/payments/intents \
-H "Authorization: Bearer $(echo -n 'your_client_id:your_client_secret' | base64)" \
-H "Content-Type: application/json" \
-H "x-platform: API" \
-H "x-service: YOUR_SERVICE" \
-d '{
"actionId": "order_12345",
"amount": 1500.00,
"currencyCode": "DZD"
}'Environments#
We provide two environments for integration:
| Environment | Base URL | Purpose |
|---|---|---|
| Sandbox | https://stg-api.payment.yassir.io | Testing and development |
| Production | https://api.payment.yassir.io | Live transactions |
Test Credentials
Use your sandbox credentials during development. Test with Yassir Cash in the sandbox environment before going live.