Authentication

Leepa Africa has implemented a secure, API key-based authentication system for API access. Here's an overview:

Registration and API Key Issuance

• Users must register their application via the Leepa Africa Developer Portal to receive an API key.
• Upon registration, a unique API key is generated, which is necessary for all API requests.

API Access

• The API key must be included in the HTTP headers of each request to authenticate.
• All API interactions require HTTPS to ensure the security of data in transit.

Key Management

• API keys can be revoked or rotated at any time through the Developer Portal.
• Revoking a key immediately disables its access.
• Key rotation is supported, allowing new keys to be generated without disrupting service. Old keys can remain active for a limited grace period during the transition.

Security and Monitoring

• The system enforces rate limiting based on API keys to prevent abuse.
• API requests are logged for security and monitoring purposes.
• Keys are stored securely, with encryption applied to sensitive information.

This authentication system is designed to ensure secure and controlled access to the Leepa Africa API, giving users the ability to manage their API keys directly for increased security and flexibility. All API requests must include the following headers for authentication:

• Merchant-ID: The unique identifier assigned to each merchant.
• API-Key: The API key generated through the merchant dashboard.