Authentication

All methods use MEO Wallet’s custom variant of Basic Authentication.

You must create an Authorization header with “WalletPT ” concatenated with your developer token.

For example, for the token 7a0eb41208209639eda9bf765b6cb04d59fb9e34 the authentication header should look like:

Authorization: WalletPT 7a0eb41208209639eda9bf765b6cb04d59fb9e34

Please note that API tokens are linked to wallets so if you are using a merchant account with multiple wallets the Authorization header is how you tell MEO Wallet to which business the operation belongs to.

Get your API key

key3

To get your merchant API Key, log into your merchant account, then click O Meu Negócio and then Chaves de API.

Once there just click to see the API Key. The 40 characters token you’ll see there is the string you should use to authenticate each and every method call.

Remember to keep your API token in a safe place at all times. Here’s some considerations and bad patterns you should avoid:

  • If you need to store the key in your server, please make sure your configuration file is outside the webserver’s docroot.
  • Don’t store the key in your database in plain text.
  • Do not store your configuration file with your key inside your project’s versioning control system.
  • Don’t print the key on paper.
  • Don’t pass along the key to anyone using plain email or any other unsafe communication transport.
  • If your key get compromised, you can always revoke it and create a new one using the merchant’s backoffice.

Here’s our official security page for more information and good pratices (in Portuguese).