MO Technologies API uses the API Key security schema to authenticate HTTP requests. These keys are unique alphanumeric codes or tokens generated by MO as an API provider to authorize and authenticate access to their API. Think of it as a digital "key" that opens the door to specific API endpoints, ensuring that only authorized users or systems can make requests and retrieve data.

The API Key is a critical element in our business operations, providing a secure and efficient way to access and utilize data, services, or resources offered by our application programming interface (API). In MO, we use the x-api-method to protect the information during the management of a credit card portfolio. This means you must include the x-api-key on the headers of each request.

When using MO, it is necessary to verify the identity of a program manager. The API key is provided by MO beforehand, and it is the responsibility of the program manager to include the x-api-key on the headers of every subsequent request. The following provides an example of how this should be done:

curl --request POST \
     --url https://mo-services-demo-cc-alpha.moprestamo.com/customers/confirm/ \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --header 'x-api-key: feebf600-5b52-485a-be26-17cc0debdaee' \
     --data ''

Keep your keys safe

It is important to avoid sharing your secret API keys in public places like Github or Bitbucket since it can allow malicious API calls.