Security

Access to the Modulr API must be over HTTPS in all environments.

HMAC is used to authenticate API calls. As such, you are required to calculate a signature which must be included in the authorization header when making requests. The signature will be unique per API request and will include a token and secret that will be provided during onboarding. Keys and secrets must be kept secure as they authenticate all requests as being approved by your organisation. Instructions on creating the signature are detailed here: Authentication.

Access to the API in the live environment is restricted by IP address. Your IP addresses will be requested during onboarding.

Note that sandbox keys may be time limited to 1 month to allow evaluation. Should you require an extension please contact us.