API Authentication (HTTP Basic)
Recurly uses HTTP Basic Authentication—your API key is securely encrypted by the SSL channel.
If you are testing the API calls via the command line with cURL, try:
curl -H 'Accept: application/xml' \
-H 'Content-Type: application/xml; charset=utf-8' \
-u [API Key]: https://[subdomain].recurly.com/v2/accounts
In most programming languages, the API key can be specified in the authentication section of request. If your language requires a username and password, enter the API key in the username and set the password to an empty string.
Calculating your own authorization header
Most programming languages encode the authorization header automatically. With HTTP Basic Authentication, the Authorization header is a string containing a Base-64 encoded username and password. In the case of Recurly’s API, you need only specify the username as your API key. If your library requires a password, set it to an empty string.
"Authorization": "Basic " + base64_encode(API Key)Additional headers
Accept header
Recurly API v2 returns results as XML. Your requests should always include the header requesting the results as XML:
Accept: application/xmlContent-Type header
When sending data to Recurly in a POST or PUT request, your request must specify the content type of your request:
Content-Type: application/xml; charset=utf-8If your XML request is invalid, the API will respond with a status code 400
Bad Request. This commonly occurs when ampersands are not correctly encoded in the text of your request. Please inspect the body of the response for more details regarding the error.