Your application must send the following HTTP headers with all requests to the Caddi API. This ensures we can correctly identify and communicate with your application, and assist you with troubleshooting should you have integration issues occur.
| Header Name | Contents |
|---|---|
| X-API-KEY | The API Key provided to you by Caddi. |
| Content-Type | application/json |
| Accept | application/json |
| User-Agent | A valid HTTP User-Agent identifying the application making API requests to Caddi. |
API Key Security
All precautions should be taken to ensure the API Key provided to you by Caddi is kept secret at all times, and API requests are only ever made from a secure server-side backend.
During the Merchant setup process, your Caddi Relationship Manager will ask you to provide a server IP address or IP address range from which API requests will be made. Any attempt to make an API request from a non-whitelisted IP address will be blocked.