Authentication and Authorization

Basic Authentication Process

The IC API uses Basic Authentication process to secure access to its services. To authenticate your requests:

1. Combine your API username and password into a single string, separated by a colon. For example, username:password.
2. Encode the combined string in base64 format.
3. Include the base64-encoded string in the Authorization header of your API request in the following format: Authorization: Basic {base64_encoded_username_password}.

For example:

If the agent's username is AE0000001 and the password is superSecretPassword, then Base64 encoding should be applied to the value AE00000001:superSecretPassword . Then, authorization header value would be:

Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

Managing API Keys and Subscriptions

In addition to Basic Authentication, for production and UAT environments, you'll need to include your subscription key in each API request to manage your subscription and track usage.

To include the subscription key, add it as a header in your request in the following format: Ocp-Apim-Subscription-Key: {your_subscription_key}.

Keep your subscription key secure and do not expose it in client-side code or public repositories.

Change Password process

In order to change password, you need to use /accounts/change-password endpoint.

1. Prepare the string that contains agent user id, old password and new password separated by colon “:”
2. Convert the value to the base64 encoded string
3. Copy paste base64 encoded string value to the Authorization header
4. Fill in x-fapi-financial-id header
5. Fill in Ocp-Apim-Subscription-Key header
6. Send the change password request

For example:

If the agent's username is AE00000001 and the current password is ABC123 and a new password is Password123! then Base64 encoding should be applied to the value AE00000001:ABC123:Password123!

Authorization: Basic QUUwMDAwMDAwMTpBQkMxMjM6UGFzc3dvcmQxMjMh