Most APIs in this integration require authentication. The only exception is the `
/orders/pay` API, which does not require any authentication and can be safely done from the browser as well.
The standard authentication uses two specific headers `
x-client-id` and `
x-client-secret`. Please pass your `
appId` and `
secretKey` in these fields. (see screenshot below to access these from dashboard)
Please ensure that your secret key is securely placed and cannot be accessed by anyone.
Also never call any API which requires authentication from the client as that would require you to expose the secret key to the client.
Below is a curl request which shows how to pass these headers in the API call.