Authentication is a two-step process: exchange your account credentials for an access token (API key) once, then send that token with every subsequent request.
Step 1 — Generate your access token
Send a POST request to /api/user with your account credentials encoded as HTTP Basic Auth (base64(username:password)).
curl -X POST "https://api.mysubwallet.ng/api/user" \
-H "Authorization: Basic $(echo -n 'username:password' | base64)" \
-H "Content-Type: application/json"
Response
{
"AccessToken": "your_access_token"
}
Your AccessToken is your API key. Store it securely (e.g. an environment variable) and never expose it in client-side code.
Step 2 — Authenticate your requests
Include the token in the Authorization header using the Token scheme on every API call:
-H "Authorization: Token your_access_token"
Token <your_access_token> — your API key from Step 1.
Requests without a valid token return 401 Unauthorized. Keep your key secret — anyone with it can spend your wallet balance.
