Authentication

​Authentication types​
Ottu works with three authentication types:
​ Basic authentication, token authentication, and API key.
​Basic authentication​
Username and password are required. 
The permission access for the user to be defined.
It should be mentioned as below:
Header: Authorization
Username:******* 
Password:*******
​Token authentication​
It is obsolete and only for legacy.
​API keys​
Private key
This key is used when merchant's server communicates with Ottu API, it should not be embedded in SDKs or made it public. 
It should be mentioned as below:
Header: Authorization
Value: Api-Key {{api_key}}
Public key
This key is used for SDKs such like Web, Android, iOS, or Flutter.
​How to get API key​
​Step 1​
Click on add API key.
​Step 2​
Fill the required fields and click save.
Name: required Max length 50.
Revoke: optional once checked, the API key can not be used anymore. 
Expires: optional once the API gets expired, it can not be used anymore.
​Step 3​
Click on the created API key here is named as “Example”.
The API keys private and public will be shown as below figure.