API Request on 6thbridge are classified into client-id and client-secret request, we will talk more about it
Security
We strongly advised that the client-secret should not be used on any frontend application or saved in any frontend application storage as it grants an attacker full access to the client's data and resources on the platform.
client-id
Some endpoint like fetch all banks can be accessed using client-id alone, this allows us to identify the client making the request.
//header of the request should contain:
curl --request POST \
--url https://baseURL/... \
--header 'Content-Type: application/json' \
--header 'client-id: {{client-id}}'
client-secret
Most of the endpoint like send sms, send email, or initialize payment will need more security so the client secret will be needed
//header of the request should contain:
curl --request POST \
--url http://baseURL/... \
--header 'Content-Type: application/json' \
--header 'client-id: {{client-id}}' \
--header 'client-secret: {{client-secret}}'