The Direct Access authentication model is required whenever API calls are requested by the same subject that is the owner of the product/service on which operations should be executed.
For example, whenever a company develops new software to access its own products/services, such as its cash accounts or its corporate credit cards, the Direct Access authentication model must be used.
In this scenario you will be required to manage a single security element:
- API Key: an application key, in the form of a base-64 alphanumeric string, like 4MSI5FGCXK5UVV2U487A08OZH4NHCHTKS.
The following diagram describes the interaction between the two main actors:
APIs may be invoked directly since the authentication is implicitly provided by your APIKey and IP whitelist.
Each API request must then be issued by specifying the following common headers:
Content-Type: 'application/json'
Auth-Schema: 'S2S'
Api-Key: '{Your APIKey}'
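
Since the API Key is the only secret in this model, the client should keep it out of source code, logs and clear-text transport. The following Python sketch is an added example, not code from this documentation: the environment variable name, the accepted key alphabet, the HTTP method and the endpoint URL are all assumptions; only the three header names and values come from the list above.

```python
import os
import re
import urllib.request
from urllib.parse import urlsplit

API_KEY_ENV = "DIRECT_ACCESS_API_KEY"  # assumed variable name, not from the page
# Assumed alphabet: alphanumerics plus the base64 symbols. Anything else,
# including CR/LF that could inject extra headers, is rejected.
KEY_PATTERN = re.compile(r"[A-Za-z0-9+/=_-]+")


def load_api_key(env=os.environ):
    """Read the key from the environment instead of hard-coding it."""
    key = env.get(API_KEY_ENV, "").strip()
    if not key:
        raise RuntimeError(f"{API_KEY_ENV} is not set")
    if not KEY_PATTERN.fullmatch(key):
        raise ValueError("API key contains unexpected characters")
    return key


def s2s_headers(api_key):
    """The common headers required on every Direct Access request."""
    return {
        "Content-Type": "application/json",
        "Auth-Schema": "S2S",
        "Api-Key": api_key,
    }


def redact(headers):
    """Return a copy of the headers that is safe to write to logs."""
    safe = dict(headers)
    if "Api-Key" in safe:
        safe["Api-Key"] = "***redacted***"
    return safe


def build_request(method, url, body, api_key):
    """Prepare (but do not send) a request; the key only travels over HTTPS."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send the API key over a non-HTTPS URL")
    return urllib.request.Request(
        url, data=body, headers=s2s_headers(api_key), method=method
    )
```

Pass the returned object to `urllib.request.urlopen` to send it, and log `redact(...)` output rather than the raw headers.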