Authentication

Learn how to authenticate your API requests

Overview

The Yassir Payment Gateway uses different authentication methods depending on the type of request you are making:

  • Basic Authentication - For server-to-server API calls
  • Bearer Token - For user-specific mobile app flows

Security Warning

Never expose your Client Secret in frontend code. The Client Secret should only be used on your server. The payment-scoped client secret (returned when creating a payment intent) is safe to use in the browser.

Required Headers

All API requests require the following headers:

Authorization (string, required)
  Basic authentication with your Client ID and Secret encoded in Base64. Format: Basic base64(client_id:client_secret)

x-platform (string, required)
  The platform making the request.
  Allowed values: API, WEB, ANDROID, IOS

x-service (string, required)
  Your service identifier provided during onboarding.

Content-Type (string, required)
  Must be application/json for all requests.

x-locale (string, optional)
  User locale for localized responses. Examples: en-US, fr-FR, ar-DZ

x-country-code (string, optional)
  ISO 3166-1 alpha-3 country code. Examples: DZA, MAR, TUN

Example Request

Here is an example of an authenticated API request:

Create Payment Intent
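# printf is portable where echo -n is not; tr removes the line wrap GNU base64 adds to long output
curl -X POST https://api.payment.yassir.io/payments/intents \
  -H "Authorization: Basic $(printf '%s' 'your_client_id:your_client_secret' | base64 | tr -d '\n')" \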
  -H "Content-Type: application/json" \
  -H "x-platform: API" \
  -H "x-service: YOUR_SERVICE" \
  -d '{
    "actionId": "order_12345",
    "amount": 1500.00,
    "currencyCode": "DZD"
  }'

Environments

We provide two environments for integration:

Environment   Base URL                            Purpose
Sandbox       https://stg-api.payment.yassir.io   Testing and development
Production    https://api.payment.yassir.io       Live transactions
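
The header rules and base URLs above, combined in a server-side helper that validates values before a request is sent and masks the credential for logging. This is an added example, not Yassir's own code; the function names build_headers, redact and endpoint are hypothetical, and the credentials are assumed to be supplied from server-side configuration.

```python
import base64
import re

# Values taken from the page's header reference and environments table.
ALLOWED_PLATFORMS = {"API", "WEB", "ANDROID", "IOS"}
BASE_URLS = {
    "sandbox": "https://stg-api.payment.yassir.io",
    "production": "https://api.payment.yassir.io",
}


def build_headers(client_id, client_secret, service, platform="API",
                  locale=None, country_code=None):
    """Build the headers for a server-to-server call (hypothetical helper)."""
    if not client_id or not client_secret:
        raise ValueError("client id and secret are required")
    if ":" in client_id:
        # Basic auth splits on the first colon, so the id must not contain one.
        raise ValueError("client id must not contain ':'")
    if platform not in ALLOWED_PLATFORMS:
        raise ValueError(f"x-platform must be one of {sorted(ALLOWED_PLATFORMS)}")
    if not service:
        raise ValueError("x-service is required")
    if country_code is not None and not re.fullmatch(r"[A-Z]{3}", country_code):
        raise ValueError("x-country-code must be an ISO 3166-1 alpha-3 code")
    # b64encode emits no line breaks, so long secrets stay on one header line.
    token = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode("ascii")
    headers = {
        "Authorization": f"Basic {token}",
        "Content-Type": "application/json",
        "x-platform": platform,
        "x-service": service,
    }
    if locale:
        headers["x-locale"] = locale
    if country_code:
        headers["x-country-code"] = country_code
    return headers


def redact(headers):
    """Copy of headers that is safe to log: the credential is masked."""
    return {k: ("Basic ***" if k.lower() == "authorization" else v)
            for k, v in headers.items()}


def endpoint(environment, path):
    """Join a path onto the sandbox or production base URL."""
    return BASE_URLS[environment] + "/" + path.lstrip("/")
```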

Test Credentials

Use your sandbox credentials during development. Test with Yassir Wallet in the sandbox environment before going live.