The headers used in Secure Payments differ from the ones used in LMS. The Secure Payments API will look for two specific headers to authenticate your request: Authorization and Secret.

Double-check your spelling, as your headers will need to be spelled and formatted exactly as they are shown here to work.

To view your authentication information, navigate to Settings > Company > Merchant > Secure Payments within your account.


Please note that your Secure Payments authentication information expires every 90 days.


Here is a breakdown of the required headers:

  1. The Authorization header refers to the "Token" section of your Secure Payments authentication information. This token is quite long, so make sure you copy the whole thing when using it in a REST or HTTP client.

  2. The Secret header refers to just that—the "Secret" section of your authentication information. This token is a little shorter; however, double-check you have it right when you copy this one, too.

Your completed headers will look something like this (just with full tokens instead of shortened ones):
Authorization: ZkZQSlo4dWdxanU0eW5ZNHNrTlQ3Zz09LkFRSURBSGpVakZZN2xySFRSRVhEU...

For more information regarding credentials, take a look at our Secure Payments Credentials Management article.