RedeemSG Integration Guide
  • Overview
  • PHASE 1: GETTING STARTED
    • Submit interest to NEA
    • Information provided
  • PHASE 2: INTEGRATION
    • Overview
    • API documentation
      • Introduction
      • Environment
      • Authentication
        • In event of leaked API key
      • Redeeming a QR code Voucher
        • POST /v1/vouchers/redeem
          • Attributes
          • Returns
        • Making Idempotent Redemption Requests
          • Introduction
          • Implementation and Details
      • Retrieving transactions
        • GET /v1/transactions
        • Request
        • Response
      • Errors
        • Overview
        • Error codes
      • Changelog
    • Tech requirement
      • Overall flow
      • Sales System Requirements
      • Reconciliation requirements
      • Changelog
    • Generate API keys
      • Login
      • Create API key
  • PHASE 3: UAT
    • Overview
    • Complete test cases
      • Create vouchers
      • Download test cases
    • UAT self-review
      • Review UAT results
    • Inform NEA
    • UAT with RedeemSG
      • UAT submission
    • What should I do if I have questions?
      • FAQs
      • Weekly office hours
  • PHASE 4: PRODUCTION TESTING
    • Production testing
      • Arrange date for prod testing
      • Test cases conducted
      • Items to prepare
      • FAQs
    • Ops readiness check
Powered by GitBook
On this page
  1. PHASE 2: INTEGRATION
  2. API documentation

Authentication

PreviousEnvironmentNextIn event of leaked API key

Last updated 6 months ago

3. Authentication

RedeemSG uses API keys to authenticate requests. Each retailer should use an API key which uniquely identifies them.

Authentication with your API key is performed by providing it in the header x-api-key:

-H "x-api-key: YOUR_API_KEY"

Test mode keys will have the prefix test_ and live mode keys will have the prefix live_.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

To test that retailers are properly authenticated, you can send in this request body to with the API-key you have created (step-by-step guide ).

https://api-merchants-test.redeem.gov.sg/v1/vouchers/redeem
here