Authentication

All Axon APIs use API key-based authentication. This guide explains how to authenticate your requests.

Bearer Token

The primary authentication method is a Bearer Token in the Authorization header:

GET /v1/tokens/tok_123 HTTP/1.1
Host: vault.axon.com
Authorization: Bearer axon_sk_live_abcdef1234567890...
Content-Type: application/json

Examples by language

cURL

curl -X GET "https://vault.axon.com/v1/tokens/tok_123" \
  -H "Authorization: Bearer axon_sk_live_abcdef1234567890" \
  -H "Content-Type: application/json"

JavaScript/Node.js

auth.js
const response = await fetch('https://vault.axon.com/v1/tokens', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${process.env.AXON_API_KEY}`,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    card: {
      number: '4111111111111111',
      exp_month: 12,
      exp_year: 2025,
      cvv: '123',
    },
  }),
});

const data = await response.json();

Python

auth.py
import os
import requests

# Fail fast with a KeyError if the key is not configured,
# instead of sending "Bearer None".
api_key = os.environ['AXON_API_KEY']

response = requests.post(
    'https://vault.axon.com/v1/tokens',
    headers={
        'Authorization': f'Bearer {api_key}',
        'Content-Type': 'application/json',
    },
    json={
        'card': {
            'number': '4111111111111111',
            'exp_month': 12,
            'exp_year': 2025,
            'cvv': '123',
        },
    },
    timeout=10,  # requests does not time out by default
)

data = response.json()

Go

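auth.go
package main

import (
    "bytes"
    "encoding/json"
    "log"
    "net/http"
    "os"
    "time"
)

func main() {
    // Read the secret key from the environment; never hard-code it.
    apiKey := os.Getenv("AXON_API_KEY")
    if apiKey == "" {
        log.Fatal("AXON_API_KEY is not set")
    }

    payload := map[string]interface{}{
        "card": map[string]interface{}{
            "number":    "4111111111111111",
            "exp_month": 12,
            "exp_year":  2025,
            "cvv":       "123",
        },
    }

    body, err := json.Marshal(payload)
    if err != nil {
        log.Fatal(err)
    }

    req, err := http.NewRequest("POST", "https://vault.axon.com/v1/tokens", bytes.NewBuffer(body))
    if err != nil {
        log.Fatal(err)
    }
    req.Header.Set("Authorization", "Bearer "+apiKey)
    req.Header.Set("Content-Type", "application/json")

    // Set a timeout: the zero-value http.Client waits indefinitely.
    client := &http.Client{Timeout: 10 * time.Second}
    resp, err := client.Do(req)
    if err != nil {
        log.Fatal(err) // resp is nil on error, so do not touch resp.Body
    }
    defer resp.Body.Close()
}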

Protect your credentials

Never expose your secret API Key in client-side (frontend) code. Use it only in secure server-side environments.

Authentication errors

401 Unauthorized

API Key missing, invalid or expired.

{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid API key provided"
  }
}

403 Forbidden

API Key valid but without permission for the resource.

{
  "error": {
    "code": "FORBIDDEN",
    "message": "API key does not have permission to access this resource"
  }
}

Best practices

  • Store API Keys in environment variables
  • Use HTTPS for all requests
  • Rotate your API Keys periodically
  • Use different credentials for each environment
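
The error handling and best practices above, combined in an added Python example that is not part of the Axon documentation or any Axon SDK. The names AxonAuthError, redact, auth_headers and check_response are hypothetical, and the key prefix is taken from this page's sample key.

```python
import json
import os
from urllib.parse import urlsplit

KEY_PREFIX = "axon_sk_live_"  # prefix as shown in this page's sample key


class AxonAuthError(Exception):
    """Hypothetical exception for the 401/403 error bodies documented above."""

    def __init__(self, status, code, message):
        super().__init__(f"{status} {code}: {message}")
        self.status, self.code = status, code
        # 401: the key itself was rejected (fix or rotate it).
        # 403: the key is valid but lacks permission; retrying will not help.
        self.key_rejected = status == 401


def redact(api_key):
    """Log-safe form of a key: keep only the known prefix, mask the rest."""
    return (KEY_PREFIX if api_key.startswith(KEY_PREFIX) else "") + "********"


def auth_headers(url, env=os.environ):
    """Build request headers; refuse non-HTTPS URLs and a missing key."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send an API key over a non-HTTPS URL")
    api_key = env.get("AXON_API_KEY", "").strip()
    if not api_key:
        raise RuntimeError("AXON_API_KEY is not set")
    return {"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"}


def check_response(status, body_text):
    """Raise AxonAuthError on 401/403, tolerating a malformed error body."""
    if status not in (401, 403):
        return
    try:
        err = json.loads(body_text)["error"]
    except (ValueError, KeyError, TypeError):
        err = None  # body is not the documented JSON shape
    if not isinstance(err, dict):
        err = {}
    raise AxonAuthError(status, err.get("code", "UNKNOWN"), err.get("message", ""))


if __name__ == "__main__":
    env = {"AXON_API_KEY": "axon_sk_live_CONSTRUCTED"}  # constructed sample key
    print(auth_headers("https://vault.axon.com/v1/tokens", env), redact(env["AXON_API_KEY"]))
```

Call check_response(response.status_code, response.text) before response.json(), and log redact(key) rather than the key itself.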