# BrokerAPI
# Authentication
# Headers
All requests have a set of headers, they are as followed:
| Header | Value | Information |
|---|---|---|
| Accept | application/json | |
| Content-Type | application/json | |
| Version | 20190501 | |
| Environment | sandbox or live | Default is sandbox |
# Authentication
- To use the API you'll need to provide your credentials, this is your APIKEY (as a username) and your API SECRET (as a password).
- You will need to pass these credentials in every request header via BASIC Authorisation.
- See more here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization (opens new window)
# Signatures [DEPRECATED]
- This method of authentication has been deprecated and will be unsupported from February 2021. We suggest you use Basic Authorisation as detailed above.
- If you are using an API that is not a
GETmethod, you must provide aSignatureheader. - We will not trust your request/payload until we have authenticated your request to prove it was sent by you.
- Signatures are a sha256-hashed combination of your
SECRET, and your request'sPAYLOADin aJSONstring format. - Note: The
JSONpayload you send must be the EXACT payload you used to generate your signature.
# APIKEY and API SECRET
- You can view / generate / reset your APIKEY (and your API SECRET) from the "API Access" page in your Lend Platform login.
- Once your SECRET has been generated, make a note of it, because it will never be revealed again (we do email it to the account holder too).
- See here: https://partners.lend.com.au/partners/api-access (opens new window)