In order to correctly authenticate API requests, your application must send the X-API-Key HTTP header with all API requests.
In order to obtain an API Key, please speak with your Caddi Relationship Manager.
API Key Security
All precautions should be taken to ensure the API Key provided to you by Caddi is kept secret at all times, and API requests are only ever made from a secure server-side backend.
During the Merchant setup process, your Caddi Relationship Manager will ask you to provide a server IP address or IP address range from which API requests will be made. Any attempt to make an API request from a non-whitelisted IP address will be blocked.