Authentication 🔐
Secure API Authentication
All requests to the QRISLY API require authentication using an API Key. Make sure your API Key is stored securely and never shared publicly.
API Key Setup
Step 1: Generate API Key
- Login to RajaOngkir Collaborator dashboard
- Navigate to API Settings in the Developer menu
- Click Generate New API Key
- Copy your API Key and save it in a secure location
Step 2: Include in Request Headers
Add the API Key to the header of each request with the following format:
X-API-Key: your_api_key_here
Step 3: Start Making Requests
You're now ready to make requests to QRISLY endpoints.
Example Request with Authentication
curl --location 'https://api-sandbox.collaborator.komerce.id/user/api/v1/qrisly/generate-qris' \
--header 'x-api-key: your-api-key' \
--header 'Content-Type: application/json' \
--data '{
"qris_id": 18,
"amount": 1000,
"output_type": "string",
}'
Rate Limiting
API requests are limited based on your subscription tier. Pay attention to the following headers in each response:
| Header | Description |
|---|---|
X-RateLimit-Limit | Total requests allowed in the time window |
X-RateLimit-Remaining | Number of requests remaining |
X-RateLimit-Reset | Timestamp when the limit will reset |
Error: 401 Unauthorized
If you receive a 401 error, check:
- ✓ API Key is included in the X-API-Key header
- ✓ API Key is still active in the dashboard
- ✓ No extra spaces or characters in the API Key
- ✓ Make sure you're using HTTPS, not HTTP
Best Practices
- 🔐 Don't hardcode API Key - Use environment variables
- 🔄 Rotate API Key periodically - Update key every 90 days
- 📊 Monitor API usage - Check dashboard for usage tracking
- 🛡️ Use HTTPS - Always use HTTPS for all requests
- ⏱️ Implement retry logic - Use exponential backoff for error handling